Disgruntled Ex-Employee Remotely Disables 100 Cars

hansamurai writes "Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."

Back door?

[zippthorne]

What back door. The ex-employee had the password. He went in the *front* door.

It's not a back door if you forget to change the locks.

The real question is, why is there *one* password for all the cars? Shouldn't it be one password for each employee who has access to log into the "car disabling" server which then sends the lockdown signal using a trusted certificate?

They shouldn't have to change the passwords at all, just delete the employee's user account.