Disgruntled Ex-Auto Dealer Employee Hacks Computer System To Disable Over 100 Cars

from the welcome-to-the-new-world dept

Ah, the fun of the electronic age. A few years back we started hearing about tools to remotely disable a car. These were talked about as a security system to recover stolen vehicles, but also as a device to put on leased cars, in case they need to be repossessed. Of course, once you put that technology on the car, what’s to stop someone from abusing it? Turns out that a disgruntled ex-employee of a car dealership that put such a technology on its cars was able to log into the computer system using a former co-worker’s account and then started methodically targeting the cars that used that system:

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

Good thing he wasn’t fired from a hospital that used internet-connected pacemakers, huh?


Comments on “Disgruntled Ex-Auto Dealer Employee Hacks Computer System To Disable Over 100 Cars”

42 Comments
The Infamous Joe (profile) says:

Re: Hack? Don't think so

I concur, but by the letter of the law, any access to a system with a password that you aren’t authorized to access is lumped under “hacking”. It doesn’t seem to take into account how access was gained.

But, now he can tell his friend(s) he’s going to jail for being a hacker– that’s some good geek street cred right there. 🙂

:) says:

Causing grief to customers is bad, for me is like spitting on food in a restaurant or worse.

The guy is blinded by rage and forgets he is hurting others that have done nothing against or for him.

I think the guy should be forced to sit through lengthy lectures about why what he did was wrong or be forced to do community service as he did wrong society and he should make amends somehow.

senshikaze (profile) says:

Re: Hack? What hack?

well considering, imho, the popular use of the word “hack” is wrong in essence, this isn’t really all that surprising. I really wish they would switch to crack, since hacking doesn’t even make sense in most cases it is wrongfully applied. A hack is generally a non-harmful trick to get something done (“I hacked together spare junk for a purpose”), whilst cracking is a harmful use of technology (or social engineering in this case) to cause pain or suffering or to perpetrate a criminal act.
I know plenty of hackers, but know very few crackers.

dan (profile) says:

Re: Hack? What hack?

every site should be watching this because it's not a safety feature, it's a massive technical screw up and we're all to blame. computers inside cars don't stop accidents. what they do accomplish is breaking and causing expensive repairs on brand new vehicles that need a tow to a dealership full of idiots that won't even know what's wrong. people have been driving cars without computers for a long time! can you believe that??? type that in to your 600$ Idick phone. the best part about all this is young kids believe in technology like it's mother nature. yea i said it… Idick phone.

Steve R. (profile) says:

Only the Beginning

Technological advancement has its pluses and minuses. Unfortunately, stories such as these make the headlines. The Luddites then start foaming at the mouth with indignation. We need to adapt, not condemn.

The New York Times, for example, wrote a rather pointless article on how automating (remotely) the reading of your electric meter raised privacy concerns. So what. The utility companies have been collecting this data for eons, the only difference is that it is automated and does have a higher “resolution” (real-time versus monthly).

scarr (profile) says:

Re: Only the Beginning

Thank you for highlighting this point. It’s fear-mongering.

One counter-argument I read suggested that the technology was dangerous in case someone had an emergency, and couldn’t drive the disabled car. Since when did people get the right to drive vehicles they didn’t pay for in emergency situations? That’s justifying grand theft, and it’s stupid.

The story demonstrates a problem with the dealer’s (and possibly the technology company’s, but I don’t know for certain) procedure and/or security, not an inherent problem with technology.

btr1701 (profile) says:

Re: Re: Only the Beginning

> That’s justifying grand theft, and it’s stupid.

Don’t be ridiculous.

Failing to make a payment (or making a late payment) on a vehicle loan is in no way “grand theft”. If it were, the police would be routinely arresting and sending people to prison for it. As it is, the most that can happen is a tow truck shows up and takes the car back.

It’s a simple breach of contract (a civil, not criminal matter). Nothing more.

Noah Body says:

There is a hack, but not in the original sense

@georgied It’s a “hack” because the term has been warped from the act of modification of an object to perform something it wasn’t designed to do to meaning doing anything with a computer that is, at the very least, arguably unethical. I can’t say I’m a fan of this current definition being a hacker in the old sense myself, but that’s where we’re at.

At face value this simply seems a case of possible social engineering since this disgruntled guy used another person’s credentials to access a system he wasn’t supposed to have access to at the time. Sigh… that just shows that any system is insecure thanks to users. However they are a necessary evil. With no users there would be no reason for the system.

I’m sure I’m preaching to the choir on this one but keep your usernames and passwords yours!

The Infamous Joe (profile) says:

Re: Just another reason why

I’m confused. Do you *really* not want remote access to your car, or do you not want *someone else* to have remote access to your car.

I only ask, because I *do* want the ability to control my car from a remote location. (We’ll ignore the fact that I have no real use for this feature.) I think it would be cool. 🙂

Anonymous Coward says:

Lots of Questions

1) Are customers informed of this ‘feature’ when they buy the car?

2) Are these black boxes removed from cars who don’t use dealer financing?

3) Is the black box removed when the car is paid off? If not, does the dealer’s access get revoked somehow?

4) Does the car owner have access to this feature? Can he disable his car while he’s away on vacation as an extra security measure?

5) Do bad things happen if the car no longer receives signals from the network? e.g. If the owner places a Faraday cage around the thing, or Pay Technologies goes out of business and stops transmitting, what happens. Does the car need a periodic ping to stay alive?

Anonymous Coward says:

Re: Lots of Questions

I dug into the product specs to answer my own questions:

1) Yes

2) Yes

3) Ideally yes, but what happens if the dealer goes out of business?

4) Yes, for an extra fee.

5) In addition to the dealer remote control that the article highlights, it looks like the driver needs to enter a dealer provided code every few weeks to keep the car running. Sounds like bad things might happen if the dealership or pay-tech folds and can’t provide you with your next week’s DRM code.

-In addition, it has an added gps(?) feature to help dealers (and their disgruntled ex-employees) locate cars that they want to repossess. — Obvious privacy implications to consider.

A/C (profile) says:

Removal of Boxes

I’m wondering just how often someone good with a screwdriver and a soldering iron just removes the box from a car that he/she purchased in this manner. Seems, like it would go a long ways towards eliminating the problem. If they hooked the box up to a 12 volt power source after removing it, and left it in their garage, that would pretty much make the entire system useless.

Mayor Milobar (profile) says:

Ubi-Dealership coming next year

I can’t wait until Ubisoft diversifies into the automobile market and requires an always on internet connection to be able to drive your car. If at any time you lose connectivity, your vehicle automatically shuts down. But don’t worry, the online system saves your state, so as soon as your network connection is re-established your vehicle will resume traveling in the same direction and at the same speed.

Steve R. (profile) says:

Re: Ubi-Dealership coming next year

Endless permutations!!!
You wrote: “I can’t wait until Ubisoft diversifies into the automobile market and requires an always on internet connection to be able to drive your car.”

Late on your car payment – car turned off.
Run a red light – car turned off.
Late on your maintenance – car turned off
Auto incident above a certain “G” force – car turned off.
In car DVD player, unauthorized content – car turned off
Ford parts installed in a Chevy – car turned off.

Lawyers – $happy$

Anthony (profile) says:

Funny Guy! Hacking into computer systems!!

This guy was in the wrong profession if he could hack into the database like that!! I was actually looking for posts about buying a new car and found this one! very funny!

If someone is looking to buy a new car here is an interesting article about the best time to buy one I just read http://www.lifedaily.com/when-is-the-best-time-to-buy-a-car/ hope you find it useful too.
A.
