HFU HF Underground
General Category => General Radio Discussion => Topic started by: Fansome on March 18, 2010, 0203 UTC
-
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars
Hacker Disables More Than 100 Cars Remotely
By Kevin Poulsen
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.
Texas Auto Center began fielding complaints from baffled customers the last week in February, many of whom wound up missing work, calling tow trucks or disconnecting their batteries to stop the honking. The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts, says Garcia. Then police obtained access logs from Pay Technologies, and traced the saboteur’s IP address to Ramos-Lopez’s AT&T internet service, according to a police affidavit filed in the case.
Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.
“Omar was pretty good with computers,” says Garcia.
The incident is the first time an intruder has abused the no-start system, according to Jim Krueger, co-owner of Pay Technologies. “It was a fairly straightforward situation,” says Krueger. “He had retained a password, and what happened was he went in and created a little bit of havoc.”
Krueger disputes that the horns were honking in the middle of the night; he says the horn honking can only be activated between 9 a.m. and 9 p.m.
First rolled out about 10 years ago, remote immobilization systems are a controversial answer to delinquent car payments, with critics voicing concerns that debtors could suffer needless humiliation, or find themselves stranded during an emergency. Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.
Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.
-
HAHAHAHAHAHA! ;D
Rock on, Ramos-Lopez!
Peace!
-
I would expect that these devices (the ones in the dashboard) will be ruled illegal.
Years ago, I worked for a company that did microprocessor systems. We provided a special-effects system to a company in Hollywood; they refused to pay us. So, we put a "logic bomb" into the software, and told the customer that their system would stop working if they didn't pay us. Sure enough, they did not pay us, and the system shut down.
They sued us, and the court ruled that the fact that we were not paid did not give us the right to disable their system. The court's opinion was that the two issues were separable, and that we needed to sue the customer to get our payment, rather than disabling the software. Of course, we never got paid, since the cost of suing would have exceeded the amount we were owed. The offender finally shut down after defrauding many other companies all over southern California, and, as far as I know, never paid anyone back. Of course, this is the California way.
I think that this is the same situation, and the courts will rule the same way. I have no sympathy for people who buy cars and do not pay for them, but I also object to having devices implanted in products that I buy that can be used to disable them, or worse, without my knowledge.
-
They sued us, and the court ruled that the fact that we were not paid did not give us the right to disable their system. The court's opinion was that the two issues were separable, and that we needed to sue the customer to get our payment, rather than disabling the software.
Counterpoint: The ability to remotely disable a user's system is widely used and accepted in the cable and satellite TV industry and has been for a couple of decades.
It is also the focus or DRM in all furute TV's, DVD's, music players, computers, **everything** if the MPAA/RIAA lobbiests get their way.
Peace!
-
to see how we do this in holland , watch this
http://www.youtube.com/watch?v=z3ESRmg-r3w&feature=channel (http://www.youtube.com/watch?v=z3ESRmg-r3w&feature=channel)
here some nerds are taking over control from a porce 911
it is in dutch but it go`s like , come and see this dude have hacked a 911
the other dude says can you make it a cabrio , the nerd sure dude , look how the people look to the car on the garden bench :o
the other guys in the room din't believe him so the ask to switch on the blinking lights
now its going to be realy laughing , the dude switch on the engine and give lots of gas
the people around the car can't believe there eyes
and then he is going to take a short ride
for sale nice porce 911 , with a little scratches on the side , and blow of turbo
lol !!!!
-
"the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network"
Ho!
Can you say "class action" suit?
-
I believe that the buyers knew that the devices were installed - or at least signed the paperwork that said they were aware of it, whether they read it or not. they apparently install them as part of the deal that let people with lousy credit buy cars on a financing plan. "Let us install this device that lowers our risk and we'll loan you the money to buy a car; otherwise, you're out of luck."