Disgruntled Ex-Auto Dealer Employee Hacks Computer System To Disable Over 100 Cars
from the welcome-to-the-new-world dept
Ah, the fun of the electronic age. A few years back we started hearing about tools to remotely disable a car. These were talked about as a security system to recover stolen vehicles, but also as a device to put on leased cars, in case they need to be repossessed. Of course, once you put that technology on the car, what's to stop someone from abusing it? Turns out that a disgruntled ex-employee of a car dealership that put such a technology on its cars, was able to log into the computer system using a former co-workers account and then started methodically targeting the cars that used that system:Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.Good thing he wasn't fired from a hospital that used internet-connected pacemakers, huh?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cars, computers, disabled, disgruntled employees
Reader Comments
Subscribe: RSS
View by: Time | Thread
mmmm
[ link to this | view in chronology ]
Re: mmmm
[ link to this | view in chronology ]
Hack? Don't think so
He was a hack for using his own computer.
[ link to this | view in chronology ]
Re: Hack? Don't think so
But, now he can tell his friend(s) he's going to jail for being a hacker-- that's some good geek street cred right there. :)
[ link to this | view in chronology ]
Re: Re: Hack? Don't think so
[ link to this | view in chronology ]
If the people are smart...
[ link to this | view in chronology ]
The guy is blinded by rage and forget he is hurting others that have done nothing against or for him.
I think the guy should be forced to sit through lengthy lectures about why what he did was wrong or be forced to do community service as he did wrong society and he should make emends somehow.
[ link to this | view in chronology ]
Hack? What hack?
[ link to this | view in chronology ]
Re: Hack? What hack?
I know plenty of hackers, but know very few crackers.
[ link to this | view in chronology ]
Re: Re: Hack? What hack?
I prefer "caucasian." Or if you must, "honkey."
[ link to this | view in chronology ]
Re: Hack? What hack?
[ link to this | view in chronology ]
Re: Re: Hack? What hack?
[ link to this | view in chronology ]
Only the Beggining
The New York Times, for example, wrote a rather pointless article on how automating (remotely) the reading your electric meter raised privacy concerns. So what. The utility companies have been collecting this data for eons, the only difference is that it is automated and does have a higher "resolution" (real-time versus monthly).
[ link to this | view in chronology ]
Re: Only the Beggining
One counter-argument I read suggested that the technology was dangerous in case someone had an emergency, and couldn't drive the disabled car. Since when did people get the right to drive vehicles they didn't pay for in emergency situations? That's justifying grand theft, and it's stupid.
The story demonstrates a problem with the dealer's (and possibly the technology company's, but I don't know for certain) procedure and/or security, not an inherent problem with technology.
[ link to this | view in chronology ]
Re: Re: Only the Beggining
Don't be ridiculous.
Failing to make a payment (or making a late payment) on a vehicle loan is in no way "grand theft". If it were, the police would be routinely arresting and sending people to prison for it. As it is, the most that can happen is a tow truck shows up and takes the car back.
It's a simple breach of contract (a civil, not criminal matter). Nothing more.
[ link to this | view in chronology ]
Re: Re: Only the Beggining
Stupid is trying to claim that being late on a payment is grand theft.
[ link to this | view in chronology ]
There is a hack, but not in the original sense
At face value this simply seems a case of possible social engineering since this disgruntled guy used another person's credentials to access a system he wasn't supposed have access to at the time. Sigh... that just shows that any system is insecure thanks to users. However they are a necessary evil. With no users there would be no reason for the system.
I'm sure I'm preaching to the choir on this one but keep your usernames and passwords yours!
[ link to this | view in chronology ]
Just another reason why
[ link to this | view in chronology ]
Re: Just another reason why
I only ask, because I *do* want the ability to control my car from a remote location. (We'll ignore the fact that I have no real use for this feature.) I think it would be cool. :)
[ link to this | view in chronology ]
Re: Re: Just another reason why
[ link to this | view in chronology ]
See?
[ link to this | view in chronology ]
Re: See?
My professor just told us we would all be raging alcoholics within ten years and gave us a chance to back out.
[ link to this | view in chronology ]
it seems a simple solution to a lot of these issues is to require two authorized users input to shutdown a car
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Funny
[ link to this | view in chronology ]
Re: Funny
3rd rule is have really cool 3d screen savers playing in the background so it looks like you are doing something others won't understand. Bonus points for physics equations being in there as well.
[ link to this | view in chronology ]
Repo's not Hacks.
[ link to this | view in chronology ]
Lots of Questions
2) Are these black boxes removed from cars who don't use dealer financing?
3) Is the black box removed when the car is paid off? If not, does the dealer's access get revoked somehow?
4) Does the car owner have access to this feature? Can he disable his car while he's away on vacation as an extra security measure?
5) Do bad things happen if the car no longer receives signals from the network? e.g. If the owner places a Faraday cage around the thing, or Pay Technologies goes out of business and stops transmitting, what happens. Does the car need a periodic ping to stay alive?
[ link to this | view in chronology ]
Re: Lots of Questions
[ link to this | view in chronology ]
Re: Lots of Questions
1) Yes
2) Yes
3) Ideally yes, but what happens if the dealer goes out of business?
4) Yes, for an extra fee.
5) In addition to the dealer remote control that the article highlights, it looks like the driver needs to enter a dealer provided code every few weeks to keep the car running. Sounds like bad things might happen if the dealership or pay-tech folds and can't provide you with your next week's DRM code.
-In addition, it has an added gps(?) feature to help dealers (and their disgruntled ex-employees) locate cars that they want to repossess. -- Obvious privacy implications to consider.
[ link to this | view in chronology ]
Re: Lots of Questions
You mean like what would happen if a DRM server went away? Oh, that would never happen! (snort)
[ link to this | view in chronology ]
Removal of Boxes
[ link to this | view in chronology ]
Ubi-Dealership coming next year
[ link to this | view in chronology ]
Re: Ubi-Dealership coming next year
You wrote: "I can't wait until Ubisoft diversifies into the automobile market and requires an always on internet connection to be able to drive your car."
Late on your car payment - car turned off.
Run a red light - car turned off.
Late on your maintenance - car turned off
Auto incident above a certain "G" force - car turned off.
In car DVD player, unauthorized content - car turned off
Ford parts installed in a Chevy - car turned off.
Lawyers - $happy$
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Used Trucks
[ link to this | view in chronology ]
BMW Cars
[ link to this | view in chronology ]
Car Motorcycle Parts
Car Motorcycle Parts
This is a very good site. Thankyou.
[ link to this | view in chronology ]
Maybe it would have been a hack if...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Funny Guy! Hacking into computer systems!!
If someone is looking to buy a new car here is an interesting article about the best time to buy one I just read http://www.lifedaily.com/when-is-the-best-time-to-buy-a-car/ hope you find it useful too.
A.
[ link to this | view in chronology ]