Disgruntled Ex-Auto Dealer Employee Hacks Computer System To Disable Over 100 Cars

from the welcome-to-the-new-world dept

Ah, the fun of the electronic age. A few years back we started hearing about tools to remotely disable a car. These were talked about as a security system to recover stolen vehicles, but also as a device to put on leased cars, in case they need to be repossessed. Of course, once you put that technology on the car, what’s to stop someone from abusing it? Turns out that a disgruntled ex-employee of a car dealership that put such a technology on its cars, was able to log into the computer system using a former co-workers account and then started methodically targeting the cars that used that system:


Ramos-Lopez?s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee?s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.

Good thing he wasn’t fired from a hospital that used internet-connected pacemakers, huh?

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Disgruntled Ex-Auto Dealer Employee Hacks Computer System To Disable Over 100 Cars”

Subscribe: RSS Leave a comment
42 Comments
The Infamous Joesays:

Re: Hack? Don't think so

I concur, but by the letter of the law, any access to a system with a password that you aren’t authorized to access is lumped under “hacking”. It doesn’t seem to take into account how access was gained.

But, now he can tell his friend(s) he’s going to jail for being a hacker– that’s some good geek street cred right there. ­čÖé

:)says:

Causing grief to customers is bad, for me is like spitting on food in a restaurant or worse.

The guy is blinded by rage and forget he is hurting others that have done nothing against or for him.

I think the guy should be forced to sit through lengthy lectures about why what he did was wrong or be forced to do community service as he did wrong society and he should make emends somehow.

senshikazesays:

Re: Hack? What hack?

well considering, imho, the popular use of the word “hack” is wrong in essence, this isn’t really all that surprising. I really wish they would switch to crack, since hacking doesn’t even make sense in most cases it is wrongfully applied. A hack is generally a non-harmful trick to get something done (“I hacked together spare junk for a purpose), whilst cracking is a harmful use of technology(or social engineering in this case) to cause pain or suffering or to perpetrate a criminal act.
I know plenty of hackers, but know very few crackers.

dansays:

Re: Hack? What hack?

every site should be watching this because its not a safety feature, its a massive technical screw up and were all to blame.computers inside cars dont stop accidents.what they do accomplish is breaking and causing expensive repairs on brand new vehicles that need a tow to a dealership full of idiots that wont even know whats wrong.people have been driving cars without computers for a long time! can you believe that???type that in to your 600$ Idick phone.the best part about all this is young kids believe in technology like its mother nature.yea i said it…..Idick phone.

Only the Beggining

Technological advancement has its pluses and minuses. Unfortunately, stories such as these make the headlines. The Luddites then start foaming at the mouth with indignation. We need to adapt, not condemn.

The New York Times, for example, wrote a rather pointless article on how automating (remotely) the reading your electric meter raised privacy concerns. So what. The utility companies have been collecting this data for eons, the only difference is that it is automated and does have a higher “resolution” (real-time versus monthly).

scarrsays:

Re: Only the Beggining

Thank you for highlighting this point. It’s fear-mongering.

One counter-argument I read suggested that the technology was dangerous in case someone had an emergency, and couldn’t drive the disabled car. Since when did people get the right to drive vehicles they didn’t pay for in emergency situations? That’s justifying grand theft, and it’s stupid.

The story demonstrates a problem with the dealer’s (and possibly the technology company’s, but I don’t know for certain) procedure and/or security, not an inherent problem with technology.

btr1701says:

Re: Re: Only the Beggining

That’s justifying grand theft, and it’s stupid.

Don’t be ridiculous.

Failing to make a payment (or making a late payment) on a vehicle loan is in no way “grand theft”. If it were, the police would be routinely arresting and sending people to prison for it. As it is, the most that can happen is a tow truck shows up and takes the car back.

It’s a simple breach of contract (a civil, not criminal matter). Nothing more.

Noah Bodysays:

There is a hack, but not in the original sense

@georgied It’s a “hack” because the term has been warped from the act of modification of an object to preform something it wasn’t designed to do to meaning doing anything with a computer that is, at the very least, arguably unethical. I can’t say I’m a fan of this current definition being a hacker in the old sense myself, but that’s where we’re at.

At face value this simply seems a case of possible social engineering since this disgruntled guy used another person’s credentials to access a system he wasn’t supposed have access to at the time. Sigh… that just shows that any system is insecure thanks to users. However they are a necessary evil. With no users there would be no reason for the system.

I’m sure I’m preaching to the choir on this one but keep your usernames and passwords yours!

The Infamous Joesays:

Re: Just another reason why

I’m confused. Do you really not want remote access to your car, or do you not want someone else to have remote access to your car.

I only ask, because I do want the ability to control my car from a remote location. (We’ll ignore the fact that I have no real use for this feature.) I think it would be cool. ­čÖé

Anonymoussays:

Lots of Questions

1) Are customers informed of this ‘feature’ when they buy the car?

2) Are these black boxes removed from cars who don’t use dealer financing?

3) Is the black box removed when the car is paid off? If not, does the dealer’s access get revoked somehow?

4) Does the car owner have access to this feature? Can he disable his car while he’s away on vacation as an extra security measure?

5) Do bad things happen if the car no longer receives signals from the network? e.g. If the owner places a Faraday cage around the thing, or Pay Technologies goes out of business and stops transmitting, what happens. Does the car need a periodic ping to stay alive?

Anonymoussays:

Re: Lots of Questions

I dug into the product specs to answer my own questions:

1) Yes

2) Yes

3) Ideally yes, but what happens if the dealer goes out of business?

4) Yes, for an extra fee.

5) In addition to the dealer remote control that the article highlights, it looks like the driver needs to enter a dealer provided code every few weeks to keep the car running. Sounds like bad things might happen if the dealership or pay-tech folds and can’t provide you with your next week’s DRM code.

-In addition, it has an added gps(?) feature to help dealers (and their disgruntled ex-employees) locate cars that they want to repossess. — Obvious privacy implications to consider.

A/Csays:

Removal of Boxes

I’m wondering just how often someone good with a screwdriver and a soldering iron just removes the box from a car that he/she purchased in this manner. Seems, like it would go a long ways towards eliminating the problem. If they hooked the box up to a 12 volt power source after removing it, and left it in their garage, that would pretty much make the entire system useless.

Ubi-Dealership coming next year

I can’t wait until Ubisoft diversifies into the automobile market and requires an always on internet connection to be able to drive your car. If at any time you lose connectivity, your vehicle automatically shuts down. But don’t worry, the online system saves your state, so as soon as your network connection is re-established your vehicle will resume traveling in the same direction and at the same speed.

Re: Ubi-Dealership coming next year

Endless permutations!!!
You wrote: “I can’t wait until Ubisoft diversifies into the automobile market and requires an always on internet connection to be able to drive your car.”

Late on your car payment – car turned off.
Run a red light – car turned off.
Late on your maintenance – car turned off
Auto incident above a certain “G” force – car turned off.
In car DVD player, unauthorized content – car turned off
Ford parts installed in a Chevy – car turned off.

Lawyers – $happy$

Anthonysays:

Funny Guy! Hacking into computer systems!!

This guy was in the wrong profession if he could hack into the database like that!! I was actually looking for posts about buying a new car and found this one! very funny!

If someone is looking to buy a new car here is an interesting article about the best time to buy one I just read http://www.lifedaily.com/when-is-the-best-time-to-buy-a-car/ hope you find it useful too.
A.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ┬╗

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it