Hacker Disables More Than 100 Cars Remotely

Source: Wired

Hacker Disables More Than 100 Cars Remotely

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots

“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.

Read More http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/#ixzz0iT6gds1S


Read more: http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/

Same with all computerized/electric systems.

Wonder how widespread that black box practive is?

Lots of surveillence and electronic control - what we know about is almost certainly the tip of a very large Total Information Awareness iceberg.

How about filing vehicle tampering charges against the dealership?

What the dealership did is illegal, intrusive, and revolting.

The dealership should have had to disclose that this device was installed on its vehicles and the new owners should have had to sign something acknowledging that they knew the device was in place.

Okay, so there are deadbeats who don't make their car payments. But what about the rest of us who might have to live next to them, work next to them, etc.

WebTeck is the dealership Internet-enabled interface to PayTeck boxes. It is a little box with a keypad on it, and it's in plain sight--it has to be, because when you sign for the car the dealer plugs the terms of the deal into the PayTeck box. Maybe you signed up to pay your car note by the fifth of each month. Every time you make a payment, the dealer gives you a five-digit code. Feed it into the PayTeck box, and you can drive the car for another month. If the thing doesn't receive the five-digit code by the end of the day on the fifth, the car will not start until you enter the code.

Oh, and forget the "my 1971 Nova is safe from this" meme. First, who the hell would borrow money to buy a 1971 Nova? And second, even if you DID borrow money to buy one, it would be REAL easy to install a PayTeck on it--it would take two foglight relays, one to the coil's primary circuit, the other to the bendix wire for the starter, and any decent mechanic could hide those two relays under the dash so you'd never find them.

I wouldn't exactly call what this person did a hack. That implies some great and heroic action was taken on the former employee's part. All he needed was the dealership's WebTeck password, which of course no one ever changes. The system is DESIGNED to let you remotely turn off the ignition system, flash the lights, honk the horn and all that.

This is the best part: If you buy a car from a lot that uses this, they can for a separate fee offer you the chance to have the antitheft function of this turned on. When it is, the customer has to feed in a PIN to start his car. Once you pay the car off, you have a choice: you can either pay a fee to buy the box (people probably do that--a security system can lower your insurance rates) or pay a fee to have it removed.

But horn honking, light flashing, etc just seems like harrassment of everybody, and possibly a safety concern.

...If it's a lease, the dealer still owns the car. Fine print the black box, maybe, or not at all. I'd like to hear an attorney weigh in, for sure.

to get into the system. Also another question is why the dealership didn't bother to secure their web app from outside requests. If a former employee can access the system from the outside - anyone can.

People are not good at remembering credentials so they write them down all the time. He could have gotten them before he left. He also could have done some social engineering technique like calling and saying he's from the IT Department and needs to have their password to test a problem. Then, there are the automatic password resets that make you put in "security" questions. Your mother's maiden name is not a good security question. Neither is your father's middle name. Both can probably be found right on Ancestry.com.

I do agree that the web site should not have been accessible from outside a company location. Or over a secure VPN connection. But we are talking about car dealers here. Their interest is in the next sale, not the security of their systems. Like so many places I've worked the only time cyber-security becomes important is AFTER an incident like this.

I can't see Boeing installing a kill-switch that can be operated remotely in a commercial jet. Besides, the kill switches in the cars cannot be tripped when the vehicle is being operated. So no killing the car on the freeway during rush-hour. However, the On-Star service now offers the option to stop an operating vehicle if it's stolen and the police are in pursuit. I hope they're better secured than these jokers were.

Just give us the money a$$holes. Then go die.

If the dealer is so worried that a customer is not going to pay that it has to install these devices, it probably should not be selling to these customers in the first place.

(back when I ran the collections dept for a super regional bank), the repo rate for cars was in the 0.5-1% range.

ruining their credit shouldn't be able to buy a car...:eyes:

People have bad credit probably because they took on debt they couldn't afford. Or they had a prolonged period of being jobless, screwed by healthcare, divorce, etc.

Why would any of these people then want to saddle themselves with a car payment? Save up $2000 and buy a clunker. You'd need that for a down payment on one of these wired cars anyway.

and people can get into a $2000 car for $200 down. How can a person save up $2000 who has no way to get to work....actually most of these types of buyers are people who will never have $2000 in hand at one time. They can however pay $200 down and $25 per/week.

The "suggested" down payments listed on most of their cars seems to be in the $1500 range, and these are for cars with 100k+ miles on them. The total price of the cars isn't even listed. I don't know why people don't run from the place.

if they want or need a car. For comparison look at craigslist cars for sale and see what you can find for under around $4000 with less than 100k....not much. I am not trying to be snarky but it seems to me you may be a bit out of touch with the lower income people/lower end cars.

if you need a weekly payment plan and the company selling it wants to put on some electronic repo device, chances seem really good that you can't afford what you're buying. Maybe that makes me out of touch, but people somehow figured it out before these devices existed.

... to this technology?

That would be a new one for me - seeing as though I spent 10 years in the retail auto finance industry.


No. The only thing that has changed here is the lender's ability to harass and shame their customers 27-7, including holidays, at the push of a button.


In the old-old days, prior to my working in the industry, the real sub-sub-prime lenders required a set of keys to the financed auto in case it needed repossessing. The courts (in Illinois) deemed that an intrusion on the borrower's ownership rights - seeing as though the borrower in fact DOES own the vehicle (regardless of liens placed on the title). Hint: Some rights you can't or at least SHOULDN'T be able or required to sign away as a condition to contract.

It doesn't surprise me that a pro-business state like Texas allows this. Who knows - maybe it's now legal in Illinois for lenders to keep a set of keys now or use this fucked up technology.

that in my years as a repossessor it was always the low end cars which were hard to locate. We refused to work for tote lots as did most of the other fully insured professional repo people which left the repo either to the dealer himself or often to shady, stupid people who would be more than willing to violate the debtors rights to take their car.

IL has to be one of the only states in the country to not allow a lien holder to keep a set of keys to a liened car. This is a better option than most in TX as there are tons of stories where people shot or otherwise assaulted repossessors and no charges were filed. This allows a more peaceful solution IMHO.

... customers in serious default, subject to repo or hiding cars. if that were the case, I MIGHT be more supportive.

Most car dealers likely don't care what you do with or where you take the car as long as it is being paid for.

My experience with the tote lot owners I have met is that they have many repeat customers. They are not looking to harass anyone who is current or at least in communication with them.

After my old Toyota got destroyed in a freak accident with a runaway dumpster I bought a cheap 1995 VW Golf from a wacky inflatable arm flailing tube man used car dealer just so I would have something to drive until I got around to buying a new car.

A week after I bought it they called me and asked me to bring it in because they had left a piece of their equipment in the car. I paid cash so they didn't need it in there.

They showed me how it worked, looked sort of cool.

whenever a driver text messages?

the quandary is..

1. Most low dollar, older cars end up on a 'tote the note' lot which allows people who have bad credit or low income to buy a car without having the full amount in cash.

2. These types of car buyers are, by their very nature, usually not home owners and tend to move around more than people with higher incomes and good credit, as well as are more likely to not have a consistent cell phone or communication.

3. The cost of repossessing a car may exceed the value of the car while the balance left on the car may represent the profit that the dealer is making on the sale.

4. The risk associated with repossessing these cars isn't insignificant

5. This seems like a good way for the dealer to insure he can locate the car if it is in default, and encourage the buyer to pay current.

6. These devices are relatively new and like every other new system likely need to be tweeked...this incident should serve as a wakeup call to the makers and dealers who use them.

Overall this seems like a good system for the lower end vehicles. Similar systems have been in place for semi trucks for several years and have been effective in locating and recovering defaulted trucks which have been very difficult to find in years one by.

I would never willingly agree to something like this.

I forget which carrier, but my cousin was able to have his cell phone bricked when it was stolen.


These things should have a very high level of security on them, but they are useful in the modern age. And awful hard to protect anything against a motivated and adept former employee with a grudge.

RUN FOR YOUR LIVES!!!1!1!! IT'S THE DEVIL!!1!

both labor saving and ultimately reduces the cost of collection.

It never ceases to amaze me how much trust the average person puts in the magic of electronics/computers .... in some circumstances the simpler mechanical device just performs more reliably. (Voting machines come to mind, but that's probably a permanently lost cause by now.)

Hekate

One has to ask, "If this is installed in a vehicle, is it less-safe?"