Disgruntled Ex-Employee Remotely Disables 100 Cars

hansamurai writes "Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."

I don't understand

[commodoresloat]

Can someone explain this article to me using a car analogy?

Re:I don't understand

[tomhudson]

Can someone explain this article to me using a car analogy?

Sure. You don't qualify for a car loan, but they'll sell you a car, with a 5% per month interest rate, all sorts of fees, and a "you pass by the office by such-and-such a date with the cash or we kill your car" deal. Lots of cash income, much of it undeclared by the dealer, since the financing is not reported to credit rating agencies (it's called "in house financing" for a reason :-)

The car analogy? It's like getting a sh*tty deal on a sh*tty car.

Re:I don't understand

[couchslug]

To be fair, there are plenty of used car dealers who don't overcharge but do sell to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying.

Re:I don't understand

[tomhudson]

To be fair, there are plenty of used car dealers who don't overcharge but do sell to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying.

Here, let me fix that for you:

"To be fair, there are plenty of used car dealers who overcharge when they sell not-terribly-reliable cars to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying so they can flip them to the next sucker."

40% or more a year interest, extra fees, inflated "deposits" that are inevitably forfeited as soon as the sucker is one day late, the car repoed and the customer STILL owes the full amount as damages, "it's not a sale, it's a lease - at the end you can buy it for $100.00" - when at the end it's $100 + fees.

It's the auto equivalent of pay-day loans.

Re:I don't understand

[clarkkent09]

Yet those things have their place too, and they allow the worst of the deadbeats to somehow get a car. After all, it's not like getting a regular car loan from a reputable dealer is particularly difficult. I have a friend who works part time in a $12/hr job, has terrible credit history and no assets worth mentioning and she just got financing for a small used car from Carmax with an interest rate of 16%. People who have to get the deals like you mentioned are the ones that nobody in their right mind would loan money to except under those conditions. If they are being harsher than necessary on their customers then somebody (why not you?) will step in and be a slightly less harsh and take all the business.

Re:I don't understand

[adonoman]

Or you can just set up automatic payments for everything. I'm neither wealthy, nor a school teacher, but every monthly payment I make is automatically pulled out of my bank account without my interference. Car loan, student loans, phone, cell phone, internet, water / sewer, electricity / natural gas, mortgage, city taxes, car insurance, house insurance, even retirement savings, and donations all just happen. My pay-cheque is direct-deposited as well, so really the only interaction I have with the bank is when something changes. Otherwise, all I have to do is check my monthly statements to make sure everything's fine. I've never had a late payment, since in general, it's not up to me to make the payment.

Re:I don't understand

[plover]

Why? Do the "worst of the deadbeats" somehow still deserve credit? Credit isn't a basic human right. For that matter, owning a car isn't a basic human right, either.

If the deadbeats "need" a car, they really "need" to save enough money to buy one. I'm sorry about your destitute friend's situation, but I didn't extend her the credit that she defaulted on in the first place. I didn't give her the bad debt history. If she "hit a rough patch", she was already overextended when she hit it. Her creditors deserved to lose the money they never should have loaned her in the first place, but they also have the right to honestly report her repayment behavior to the credit bureaus -- it's why they keep track of such things.

Anyone stupid enough to loan money to someone who has walked away from their previous debts deserves the chance to lose any money they loan that person. Usurious loans fall under that category, too.

Re:I don't understand

[sodul]

I suppose you are trolling but I'll answer your question: it is because there is a higher risk they will never see their money back. If you lend money to 100 people and 10% of them will not repay you, you cannot expect to gain anything if the loan rate is under 10% do you ? If you take an other set of 100 people where you expect only 1% of non payment then you can give them a much better rate.
It just happen that people with large disposable income are less likely to default on a loan.

Re:I don't understand

[AK+Marc]

If she "hit a rough patch", she was already overextended when she hit it.

That's false. For one, about half of all bankruptcies in the US are caused by people with medical insurance who can't pay their medical bills. And another, if you want to get a divorce, just start an account and tell your partner "that's the divorce account so that I won't be overextended in case of divorce." That's only slightly worse than hiding money away without telling them what it's for.

Re:I don't understand

[ooshna]

Anyone stupid enough to loan money to someone who has walked away from their previous debts deserves the chance to lose any money they loan that person. Usurious loans fall under that category, too.

Must be nice to live in a perfect little world where you are the sole person that can hurt your credit. My uncle doesn't talk to my grandmother because when he was in college she got a few credit cards in his name and destroyed his credit. When he got out of college he had student loans to take care of.

Re:I don't understand

[ePhil_One]

If the deadbeats "need" a car, they really "need" to save enough money to buy one

I've bought 3 cars in my life for under $200 each, you don't "need" to buy a car on credit.

Anyone stupid enough to loan money to someone who has walked away from their previous debts deserves the chance to lose any money they loan that person.

And if they've loaned that money on the condition they can reclaim the car/home/kidney if the debtor stops paying, they have the right to reclaim it. I'm pretty confident those dealers aren't losing money on these loans. Its a much worse deal for the consumer than it is for the dealer, you can be sure of that

Re:I don't understand

[OzPeter]

For one, about half of all bankruptcies in the US are caused by people with medical insurance who can't pay their medical bills.

I used that fact on another forum, and someone countered that the amount of $$$ that the bankruptcies were for was in the order of $1000 or so. My first thought was - "bastard, shoot my argument down why don't you". Then my second thought was "Jeez, is that how little money separates the majority of people from bankruptcy. Thats really sad".

Re:I don't understand

[BitZtream]

You do realize that all of it is in the contract you sign up front so you know what you are spending if you bothered to read.

Second, you won't find a contract that says you have time after the due date before they can collect the item. Every contract states clearly that the instant you are late they can start the recovery process. If you don't want them to start the recovery process, follow the rules. If you don't like the rules, don't sign the contract, its not hard.

Just because you're used to living in a world where companies realize that most of the time its easier to float you a few days than it is to start the collection process and piss you off doesn't mean you have any sort of right or expectation that you should be able to bend the rules of the contract.

Its funny, you think its okay for you to bend the rules, but not for them to make unfair ones.

Thats pretty fucked up if you really sit down and think about it.

Re:I don't understand

never understood why banks expect to make money by charging higher interest rates to those who are least able to pay in the first place.

Perhaps because you aren't very bright? Its statistics. Loan 100 people $1,000 at 30%, even if 10 don't pay you back anything, you make $17,000, a 17% return on investment. Now assume those 10 paid 25% of the loan back before defaulting, and you then succeeded in getting 8 of the cars back to resell at $1,000 each, and the two you didn't get back only cost you $200 at auction, the late fees you tacked onto the 20 who were slow paying you back, and margins go through the roof!

I have good credit, I don't understand how the bank makes money loaning me $ at 3.9% interest when I can't even get that good a rate on my mortgage

Re:I don't understand

[mcpkaaos]

>Its statistics.

No, it's just arithmetic. Stats is concerned with how likely and how often defaults may occur, not the overall gain or loss as a result.

>Perhaps because you aren't very bright?

Don't be a dick unless you are absolutely sure you are right. Even then, don't be a dick.

Re:I don't understand

[innocent_white_lamb]

Or you can just set up automatic payments for everything.
 
This works well up until there is a problem or billing dispute. For example, I know of someone who had automatic payments being made from their account to the electric company. The utility decided that some damage that he didn't think he was responsible for was, in fact, his responsibility so they withdrew $7500 from his bank account. He discovered this when his other cheques and whatnot started bouncing.
 
I have nothing set up for automatic payments. It doesn't take that long to write someone a cheque and put it in the mail, and I retain control of my own bank account and know that money won't be magically disappearing.
 
When it comes to a billing dispute, I would prefer to have them coming after me for money rather than be in a position where I am trying to get my money back from them.
 
I pay my bills but I want to know exactly how much I'm paying and what I got for my money. Then I'll write you a cheque.
 
In that order.

Re:I don't understand

[tomhudson]

They were pulling numbers out of their asses. The Harvard study says it's a lot worse. http://content.healthaffairs.org/cgi/content/full/hlthaff.w5.63/DC1

Among those whose illnesses led to bankruptcy, out-of-pocket costs averaged $11,854 since the start of illness; 75.7 percent had insurance at the onset of illness. Medical debtors were 42 percent more likely than other debtors to experience lapses in coverage. Even middle-class insured families often fall prey to financial catastrophe when sick.

and

Debtors with private insurance at the onset of their illnesses had even higher out-of-pocket costs than those with no insurance (Exhibit 5). This paradox is explained by the very high costs--$18,005--incurred by patients who initially had private insurance but lost i

Just look at the "out-of-pocket" expenses - and keep in mind that this doesn't include having to continue to pay insurance premiums while losing revenue because you're ill ,,, url:http://content.healthaffairs.org/content/vol0/issue2005/images/data/hlthaff.w5.63/DC1/Himmelstein_Ex5.gif?

Re:I don't understand

[Eivind]

If -that- isn't an argument that your medical system is fundamentally FUBARed then I don't know what is.

It's the worlds most expensive by far, has mediocre results (compare infant mortality or any other stat you can think of to any other country that spends above half the amount you spend) AND it regularily brings families into financial ruin, families that are ALREADY facing seriuos health-problems of one of the family-members, even those who HAVE insurance. (nevermind those who don't)

It's COMPLETELY incomprehencible to me that anyone is willing to accept that crap. Seriously.

Re:I don't understand

[treeves]

Well, it does involve statistics, as he said, the probabilities that people will default, etc. but your point still stands. Even when you're right, don't be a dick.

Re:I don't understand

[Bert64]

Sounds like a flaw in the banking system in your country...
In the UK we have standing orders and direct debits, standing orders are a fixed amount decided on by you and are great for loan payments and the like where the amount never changes...
For variable amounts like utility companies etc, we have direct debit which offers a guarantee similar to a credit card - you file a dispute and your meant to get the money back immediately while the dispute is sorted out... They also have to notify you a couple of weeks before taking the payment, so you have the opportunity to stop a payment that looks wrong in which case the company will come after you normally.

I don't have a cheque book, banks here often don't supply them by default and many places don't accept them at all. I hate receiving cheques because they're a hassle to deal with, i have to go to the bank during its limited opening hours (when i'm usually working), fill out a form to deposit it, stand in line and then wait 5 days to actually get the money or find out something has failed and i don't actually have the money at all.

Re:I don't understand

[silentcoder]

And yet you folks still seem to honestly believe the "socialized medicine" would leave you WORSE off than you are ?

*shakes head sadly*

Re:I don't understand

[silentcoder]

And the counterpoints...
1) Right now America's biggest problem isn't doctors testing too much - it's too LITTLE testing. Americans don't do any preventative medicine choosing to go to the doctor only when the damage done is already severe.
Guess what - early detection and preventative care is not only better for saving lives, it generally costs a lot less to provide.

The old adage goes that "early detection of cancer means before there are serious symptoms" - how do you equate that with a system where people are afraid to go to a doctor until the symptoms are severe ?

More importantly - I didn't say medicine should always be provided by the government, there are some possible valid concerns there though it's clear to me that your "medicine market" system comes down to saying "the right to life is on the lawbooks but only for rich people". I put "socialized medicine" in quotes on purpose - specifically to point out that I am using the term as it's use by America concervatives - to mean "any medicine not supplied with the intention of maximizing corporate profits.

The point is - I think the vast majority of Americans would get better and more frequent medical care even with the kind of government run single-payer form of universal healthcare found in countries like cuba.

My own country uses multipayer universal healthcare e.g. there are both private medical facilities and public ones. Medical insurance companies (who generally take bulk contracts with employers offering you better rates) that pay for private care, while public is free-for-all.
The catch here is that we're a very poor country - so public means long waits and overworked staff. Despite that, a few years ago I got in a motorcycle crash when I was uninsured, went to a public hospital and got excellent care and thus survived without any lasting injuries.

Brazil is just a little richer than my native South Africa, I used to be a very regular traveler there. They too have multipayer system like we do, but they have a somewhat richer country. On one of my trips I got sick, simple virus infection. Here - I would save my precious medical-savings-account (insurance part only kicks in if you're hospitalized) and just heal up at home.
There I was instantly dragged to a clinic by my hosts. True I had to wait about two hours to be helped (if I went to a private one with an appointment I could skip that, but I'd literally be paying for the convenience - the care is identical).
Once I got to a doctor though, I was fully examined. I was then prescribed a course of immune-boosting vitamins, given 3 hours of pure oxygen (another immune booster) and a series of shots to prevent secondary infections... basically 5 hours of care (suddenly waiting 2 hours isn't so bad by comparison).
Whereas normally a flu virus knocks me out for up to two weeks, I was back on my feet in 3 days.

For 86 out of 100 patients - this care won't save their lives, just get them back to work a bit quicker (hmmm isn't that GOOD for the economy ?) but now what about that 14% of people in whom influenza is fatal ? This kind of treatment probably drops the fatality rate in that country to 7% or lower (I haven't checked the numbers - but it's obvious that massive preventative care in patients having a disease with a low fatality rate would lower it).

And do you know what I paid for all those shots, the oxygen treatment, the doctor's time and the huge bottle of pills they gave me ? Squat. No bill. Not even one penny. It's free - even to a foreign tourist. The form I was given to fill in had a place for my name and age, the rest of it was valid questions on my medical history. Nobody cared about my billing address.

If Brazil can afford to give high quality medical care to it's citizens for free - America has no excuse.

Do you realize that America is the ONLY industrialized nation on the PLANET with no guaranteed free healthcare option available to all citizens ? There isn't even ONE other industrialized country where poor people HAVE t

Re:I don't understand

[ChrisMaple]

Yes, charging higher interest rates to those least able to pay does exacerbate the problem. Tell you what: get together with a bunch of like-minded people, pool your money, and loan it out to deadbeats at a lower rate than banks.

Re:I don't understand

[ZeroSumHappiness]

It's more like the people who /look/ like they won't be able to pay it back make it profitable only if you make them pay a lot. Sucks to have bad credit, sucks more if you don't want to keep bad credit.

Re:I don't understand

[Sally+Forth]

I'm not sure we'd have been out sooner from a Canadian hospital. A matter of hours was from arrival to dismissal. Enter a U.S. hospital, and you go to triage in seconds. It took a few hours for them to admit him, check his vitals, get him into a room, have two doctors and a medical student look at his hand, get an ultrasound done (there was no pus so they couldn't culture it), and have someone sign off on dismissal once they'd written out the prescription for me.

The reason why it can take hours once you're admitted and through triage is because emergency rooms are not allowed to turn anyone away for any reason regardless of ability to pay, citizen status, etc. so anyone and everyone who doesn't have insurance and/or is outside doctor's hours will go to the emergency room for anything from congestive heart failure to a sliver in the finger.

See, I'm not from urban America, and I'm probably not from any of the areas you visited. I'm a rural New Englander. I live in an agricultural corridor, and most of what I've learned about the way the world works comes from my experiences in farming. The problem with health care is that everything in the world has a cost. It costs in money, or in time, or in supplies, or all three. Patch your own pants and it costs an hour. Buy a new pair and it costs $15 where I shop for pants. If you make $15 or more an hour, it makes more sense to work an extra hour and buy the pants than to patch them.

The problem comes when things are offered for a lower price than what they actually cost. It's nice to SAY that healthcare should be 'free', but you know as well as I do that if you get your medical degree, set up shop, and do not charge customers, you'll end up with nothing for supper when you're done treating the patients. You'll also be overrun with patients who could afford their own care.

People like free services and will use them more often when they don't cost. How much more do you consume at an all-you-can-eat restaurant? How much more often do you use a free service? When healthcare is free, people no longer ask themselves, "Do I really need this scraped knee bandaged by a nurse?" or "Is my cold really severe enough to warrant emergency treatment?" Why not get it done anyways, just to be sure? It's free!

Different governments handle this in different ways. Many have the government, having placed an artificial cost on the service, now place an artificial limit on the people. They decide how many times a year you can have a physical, which treatments you can receive, how much money you can cost The Society before you're not worth saving. It sounds cruel, but it's a simple fact of life... if you do not govern yourself, someone else will have to govern you.

Are you IN Europe? Your numbers don't match up. You say that 30% of the population earn $5/week. Then you say that the poverty rate is much lower in Europe than in the U.S. and the poor live better in Europe. However, $5/hour is below America's minimum wage, and only about 12% of the population is at or under the poverty level of $22K/year for a family of four, less for a smaller family, more for a larger one. The median household income in the U.S. is second only to Switzerland.

As for the way that the poor live in Europe, I only have one example, a friend of mine in Holland who lost his job during the economic downturns in 2002. I urged him to get some treatment for his chronic, congenital health condition (a form of rheumatism). He had no access to healthcare. In Holland, you must spend about $100 per year before the government kicks in and covers everything, and he did not have that first $100 to spend. There were no low-cost or no-cost charity clinics in his area, as there are in mine. I asked a couple of people also in Holland if they could help him, and got the startling reply that that's what the government is there for, they pay more than enough taxes for it. The lack of generosity startled me, because I am used to seeing someone in need and asking immediately wha

Re:and

this makes front page of slashdot, why?

Because it makes the idiots who claim this kind of backdoor would never be misused look bad. Why are you protesting so much, anyway?

So...

How long until the police/feds/intelligence/etc get to start using this on civilians?

Re:So...

[fuzzyfuzzyfungus]

Already in the field.

Even better, Onstar, unlike this service, cuts across multiple demographics. Most of the people with credit so shitty that used car vendors are installing remote kill switches are probably the sort that the police already know how to "deal with", so to speak(after all, what is some overworked public defender going to do about it if they 'slip and fall' during a little friendly questioning?). Onstar, though, is a service that gives you access to the sort of people you can't just pull over and shake down....

Re:So...

[tomhudson]

How long until the police/feds/intelligence/etc get to start using this on civilians?

They already are. See the latest OnStar commercials. If they're chasing you and you don't stop, they can either slow your car down, kill it, and/or make it start honking and flashing lights. And they can keep you locked in your car.

They've also been caught using it to spy on people by activating the voice channel.

Never buy a vehicle with OnStar.

Re:So...

[maxume]

If the vehicle is otherwise a good deal, I think it is fairly straightforward to either pull the fuse or disconnect the antenna.

Re:So...

[gandhi_2]

OnStar would interpret such a move as an attack.

Re:So...

[YrWrstNtmr]

And do you have any evidence that those things have been used when the owner is driving the car (even if wanted by the police) or only when the car is reported stolen?

Sure. Case in Las Vegas. Note that the FBI's use was not deemed illegal/inappropriate, but rather that it denied the user/owner of use during that time.

Re:So...

[gandhi_2]

oh jeebus.

Come on, man. really?

Re:So...

[Mr2001]

That's awfully glib. How do you propose people save up the money to buy a car with cash, if they can't get to work because they don't have transportation? This is America, after all, where public transit is between nonexistent and useless in most cities.

Re:So...

[tomhudson]

Sounds like GM can forget about getting any of my money.

they already got it - billions of it. Bail-out bux.

Re:What a dolt . . .

or the Brown Note?

What a maroon.

If you're going to play around with your ex-employer's systems like that, you don't do it from your own home. You go interstate, to a 'net cafe, and do it from there! Sheesh. Kids these days.

Re:Should have changed password right away

[MDMurphy]

Since I RTFA I know that he used someone else's password.

Re:and

[DigiShaman]

At least Slashdot got it right unlike Wired who states it was an act of "hacking". WTF Wired, it wasn't a hack. It was as simple act of intrusion without authorization. Nothing special or fancy was required to do so.

Moron

[CSHARP123]

If not that job, go find another what did he achieve doing this may be getting pounding in the ass in Federal Prison. Now he cannot get anymore job anywhere.

Re:Moron

[aztektum]

>.<

Oh man, trying to read that hurt. Punctuation is our friend.

Re:Moron

[Threni]

> Punctuation is our friend.
>
>--
>:: aztek ::
>No sig for you!!

Uh..it's easy to get carried away, however...

This sounds like some great software.

[physicsphairy]

I would definitely be interested in buying a car that can be triggered to shutdown or start blaring its horn remotely! Is there anyway to buy one with a built-in bomb?

Re:This sounds like some great software.

I think a new Toyota would be exactly what you're looking for.

Another disgruntled employee

[CODiNE]

When are bosses going to learn to stop taking away their gruntles??

Re:Another disgruntled employee

[hey!]

"Disgruntled" is a word with very interesting origins. On the surface, it is one of those words (like "non-chalant") that appears to be a compound suggesting a non existent opposite word (like "chalant")

The OED cites P.D. Wodehouse for "gruntled", but obviously Wodehouse was playing with the language here when he suggests that it means "satisfied". "Gruntle" is actually a word, but it is an obsolete one. It is not the opposite of "gruntle". "Gruntle"/"disgruntle" is a word pair more like "flammable"/"inflammable"; the "in-" prefix in "inflammable" is not the "in-" that means "not" ; it is the "in-" prefix that means "in, into or onto". The "in-" in "inflammable" is a cognate of the prefix "en-", as in "enraged".

"Dis-" in "disgruntled" is from a much rarer and erudite Latin sense of "dis", one that means "utterly". Both the "utterly" sense of "dis" and the "not"/"lack"/"opposite of" senses come from a Proto-Indo-European root mean "to separate".

So we should take "disgruntled" to mean "utterly gruntled", not "un-gruntled". So what is "gruntle" supposed to mean? Technically, "gruntle" is the frequentive form of "grunt". A "frequentive" verb is one that indicates a continual, incessant action. The word "gruntle" originally came into English meaning the incessant sounds made by an inconsolably upset pig. Later by metonymy it came also refer to the pig's snout (the part he gruntles with), and later the word was used to describe the faces of people in an unpleasant mood. There are not so many useful Latin prefixes for amplification, and "supergruntled" does not trip off the tongue, so "disgruntled" became the word for a person whose face expressed a very unpleasant mood.

Maroons make the news

[Spy+Handler]

Non-maroons who do stuff like this, do it from net cafes using a chain of anonymous proxys, and they do not get caught.

It's just the maroons like this one that you hear about.

Re:Maroons make the news

[OzPeter]

Non-maroons who do stuff like this, do it from net cafes using a chain of anonymous proxys, and they do not get caught.

It's just the maroons like this one that you hear about.

If I was ever going to consider doing this I'd buy a cheap laptop off Craigslist for cash, and then buy a wireless card for cash from another location, and then drive to some community in the middle of nowhere and look for an open wireless AP. After which I would then pass said laptop through a shedder .. a really big shredder.

Re:Maroons make the news

[base3]

And make for fscking sure you weren't carrying a cell phone with a battery in it, driving a car with OnStar, or doing anything else that can put you anywhere near the location of the AP you're connecting to. Oh, and avoiding cameras would probably be good, too.

Re:Maroons make the news

[base3]

Hmmm . . . or gen up a copy of some plates of a car of a similar make and model and put them on the car near the AP. Probably a bad idea to drive with fake plates on the highway, but in a residential area, should be fine so long as you don't run stop signs or look out of place. Not that I've thought this through or anything--oh, there's someone at the door :) . . .

Re:Back door?

It is a back door. It's a back door installed by the dealer into your car with the assurance that it won't be misused.

The "front door" would be for them to send you a letter when you miss a payment, and send someone over to repossess the car if you continue to miss them, but I guess they feel that the tiny number of people who would try to steal the car justifies inflicting this system on all of their customers.

Re:Back door?

[bunratty]

The real question is, why is there *one* password for all the cars?

Well, duh! Because it's easier to remember. And it's better than having a post-it for each car -- just one post-it with the one password will do!

Hmm

[ryan.onsrc]

Perhaps Toyota should review which Engineers have been fired lately.

Update of old sticker

[Cryacin]

Honk if you're Hacked!

Re:Back door?

[Cryacin]

You can even stick it on your monitor!

It's for people with crap credit

[Sycraft-fu]

They don't ask for it, the bank makes it a requirement of the loan. This way if a payment isn't on time, they can turn the car off to force the issue. You aren't going to find it on a car from a dealer, financed by a normal bank. It is for high risk situations.

Re:It's for people with crap credit

[compro01]

Or for people who own cars from GM. Onstar has this same kind of functionality.

Re:Should have changed password right away

[RobertLTux]

the correct procedure is to

1 revoke the passwords/tokens for said employee
2 redact the persons desk and figure out how long of a timeout is needed (if any)
3 after the timeout escort the employee from the property

so the three words you need to know are Revoke Redact Remove this would be the only safe thing to do

And THIS, ladies and gentlemen...

[Spy+der+Mann]

...is the perfect example (and with car analogy indeed) of why DRM and remote product (de)activation is doomed to failure.

Re:And THIS, ladies and gentlemen...

[BitZtream]

Shrug, several people pay for these features.

LoJack and OnStar, services which cost considerably yearly fees have this feature as a selling point.

In this case its used just like LoJack. The bank requires it be installed on cars of jackasses who no one wants to finance due to their history. It in fact is something that allows the bank to feel confident that the risk of the loan is not unacceptably high for someone who indeed is an unacceptably high risk. Its really no different than the higher interest rate or larger down payment they require. Its all risk mitigation.

It is an example of what happens when a good idea gets used for bad things.

Guns intended for sport can be used to kill people.
Trucks to carry product to stores can be turned into rolling bombs.
Remote wipe on your blackberry/iPhone/Treo/Whatever can be used to protect your data or destroy it.

Lots of things with good, perfectly acceptable intentions can be fucked up by a bad person. If your entire DRM argument revolves around this single retarded point, you're going to fail.

If you want to get rid of DRM there have to be equal or better alternatives. Since these people couldn't buy a car without DRM, there are infact not only no better deals, there are no equal deals, and in fact no deals at all with that option off the table.

This isn't a case of using DRM to force people to buy multiple copies of the same thing to use it on multiple devices. This isn't DRM being used to restrict what you can do with something after you paid for it.

This is DRM being used to restrict something that has not in fact been paid for yet. If the people walked in and didn't require a loan, there would be no DRM. The cheaper alternative in fact has no DRM.

Your comment could not be more wrong. This is a shining example of DRM being used to benefit all involved, and shows how one douche bag can still fuck it up for you anyway.

Either way, you're an idiot if you think this is some shining example of how DRM is bad. Without the DRM, they wouldn't have had a car to be disabled or to be inconvenienced because it wouldn't start or the horn was honking.

Re:And THIS, ladies and gentlemen...

[jimicus]

...is the perfect example (and with car analogy indeed) of why DRM and remote product (de)activation is doomed to failure.

Actually, this is a perfect example of why remote product deactivation is a great idea (it reduces the risk involved in selling a car on credit to people who are lousy credit risks), there are just some glitches that need ironing out. If it had been authenticated with a certificate which could be revoked as soon as the employee left (even better - build the certificate revoking process into the "remove employee from computer system" process) it'd be much less of an issue.

If you want an example of why remote product (de)activation is a lousy idea - and one with a car analogy - there was one on /. a couple of years back about a gated multi-storey car park where the developers of the car-park remotely locked the car park (locking all the cars in) when the owner refused to pay a monthly fee.

Re:Back door?

[Trogre]

No.

The real question is what the blistering hell are remote kill switches doing on cars in the first place?

I'm sure there's an iPhone analogy somewhere here...

Re:and

[ThePengwin]

<sarcasm>
Of course its hacking! how else could someone do that???
Next you're going to say that someone guessing a Facebook password isn't hacking!!!
</sarcasm>

They shouldn't be able to listen, but more complex

[Oxford_Comma_Lover]

> Never buy a vehicle with OnStar.

The system should be more or less hard-wired so that it notifies you when the microphone activates for any reason. But as a consumer, I might be willing to accept the possibility of listening in for the added level of safety. I'd be a helluvalot MORE likely to do so if they needed a warrant to listen, but even so, it's good to have an added level of redundancy in your safety systems. Keeping a cellphone, being able to get to a cell phone, the cell phone working where you are, and knowing who to call and how to report your position, are all single points of failure. You can work around some of them--e.g. calling 911 instead of the local police--but the more redundancies, the better.

This is doubly true if you have a family, in which case you're buying not for your own safety, but for that of other people. To my mind, that's a greater responsibility.

The real danger, of course, is warrantless recordings, mass recordings, and data-mining.

Re:Back door?

[Jah-Wren+Ryel]

The real question is, why is there *one* password for all the cars? Shouldn't it be one password for each employee who has access to log into the "car disabling" server which then sends the lockdown signal using a trusted certificate?

They shouldn't have to change the passwords at all, just delete the employee's user account.

No. That's not the real question. It's a stupid ass question because it was answered in article.
Each employee does have an account. His account was even disabled. He used another employee's account.

Man, you got a +5 for "I didn't read the article" - I can understand no one bothering to mod you down, but +5 stupid? Come on...

Repo in AZ

[Frank+T.+Lofaro+Jr.]

Or do what Arizona does where all the dealer has to do (other than a few formalities) is ask you to return the car, OR ELSE.

Since the OR ELSE in Arizona is a class 6 felony!

Facing up to 2 1/4 years in prison and being a felon for not turning it in makes having repo woman/man kinda redundant (surprisingly they exist, even though a dealer can have the police get the car back for free).

P.S. I'd HATE that law if I was a repo company employee or owner! Less reason to be used, and people in prison don't drive cars and felons have trouble getting them, so bad for repeat business. I can see how the deadbeats were unable to stop such a law, but surprised the repo companies didn't pay someone off to have it not pass or get repealed. There's big money in that business.

Also surprised the repo companies didn't get behind lobbying to make the remote black boxes illegal (have a "consumer protection" front lobby against it). No need to hire a repo company when all you need is a remote shutoff box and a tow truck.

As far as I know AZ is the only state with the law making it a felony to not return a car, although others make it a crime to "conceal collateral" (IL felony (*), CA misdemeanor).

P.P.S.:

(*) IL is probably the state with the most things defined as felonies I have seen. Not NY or CA or UT or anywhere else you'd expect (except maybe FL, but you don't even need to be convicted of a felony - they took people off the voter rolls in 2004 for felonies "committed" in 2007 - plus that state seems to be in a race with TX to see how pro-execution they can be.)

Re:Repo in AZ

[h4rr4r]

It's not your car, you failed to pay for it. Is the security guard who protects the banks money a scumbag too?

Re:Back door?

[frosty_tsm]

The real question is, why is there *one* password for all the cars?

Well, duh! Because it's easier to remember. And it's better than having a post-it for each car -- just one post-it with the one password will do!

One post-it to rule them all!

It Is My Sad Duty To Inform You...

[hyades1]

Dear Mr. Goosnarp:

I regret to inform you that the dealership no longer requires your services. Please don't assume that we believe you are without value as an employee and a human being, it's just that your particular skillset is not what we really need right now. Although you consistently exhibit a very high level of originality, and your computer skills easily surpass anyone else currently in our employ, we need somebody who pays more attention to the small details (cough) IP addy (cough).

We wish you well in your future endeavors, and would be delighted to supply a positive recommendation to any prospective employers who may contact us...as long as you don't do anything stupid.

Sincerely,

Your Former Boss

Re:They shouldn't be able to listen, but more comp

[dontbgay]

My sister is like that... Willing to remove all risk from her life and put control in the hands of other people for the safety of her kids. That's all well and good, but I don't need someone having the ability to remotely disable my automobile regardless of my distance from the person with their finger on the button. Sure, responsibility for my family is is important, but I don't need the specter of a nanny snooping in and judging me because I want to listen to some Middle Eastern music.

Life is risk. When you shed risk, it's usually at a price.

Re:Back door?

[Joe+U]

Will you spend 2 minutes to read the fucking article. It gets removed for free after the last payment.

If you're going to comment on something you didn't read at least pretend to know the answers.

Re:Back door?

[dubbreak]

You can even stick it on your monitor!

That's no good. What if it falls off?

Even sticking a post-it under the keyboard won't do. Safest would be writing the password on the beige crt monitor bezel using a jiffy marker.

All joking aside I've seen it done. Not sure what happens if the password changes. Whiteout?

Re:and

[hansamurai]

When I submitted it I made a particular point to remove the references to "hacking".

Re:Back door?

[KingMotley]

But what happens after the last payment is made?

Re:and a traceable intrusion

[icebike]

This guy must be an idiot to get traced to his IP address.
Don't they have free wifi Cafes in Texas?

Any dealership I've been has a free wifi in their service waiting lounge. He's out of work, plenty of time to grow a beard, buy (ok Steal) some sunglasses, a black cowboy hat, and sit in their own waiting lounge and beat them with their own stick.

Re:They shouldn't be able to listen, but more comp

[jimicus]

My sister is like that... Willing to remove all risk from her life and put control in the hands of other people for the safety of her kids.

You'd be amazed how many people are. "For the chillllldruuuun!!!" is one of those arguments that you just can't win because you either get painted as someone who'd understand if they had kids or someone who's sympathetic towards kiddie fiddlers, at which point any chance of a sensible discussion just goes out the window.

It's the modern-day equivalent to witch hunting.

power imbalance

[circletimessquare]

whenever there is a power imbalance: little guy versus organization, things like desperation can move idiots to sign really stupid contracts. therefore, if the contract itself is abusive and usurious, it does not matter that you signed the contract, what matters is that one side of the contract, the one with more power, agreed to put someone in a financially abusive situation

i can make a contract that says "if you are a day late, i get your firstborn", and some idiot will still sign that contract. because people are idiots. but the observation does not end there: evil is worse than stupid

making abusive contracts is a form of preying on the weak and helpless and stupid. the weak and helpless and stupid must be protected by society, not because they deserve it, but because the assholes who prey on them get even more powerful, and pretty soon they're enforcing abusive terms on average intelligence folks of average means

so for a well functioning society, you need to punish the usurious, you need to punish those who make up abusive terms. they are far far worse than complete idiots

not really $1000

[Uksi]

Here's a study: http://download.journals.elsevierhealth.com/pdfs/journals/0002-9343/PIIS0002934309004045.pdf ("Medical Bankruptcy in the United States, 2007: Results of a National Study")

"92% of these medical debtors had medical debts over $5000, or 10% of pretax family income. The rest met criteria for medical bankruptcy because they had lost significant income due to illness or mortgaged a home to pay medical bills. Most medical debtors were well educated, owned homes, and had middle-class occupations. Three quarters had health insurance."

So while the medical debt is not necessarily sky-high, losing your job due to illness means that you are screwed on all your debts. Car, house, etc.

Also, further down: "Out-of-pocket medical costs averaged $17,943 for all medically bankrupt families" ... this means that these families successfully paid A LOT of money (~$13K) before declaring bankruptcy and ending up in an average of ~$5K of medical debt. These are not the people that ran up huge consumer debts and declared bankruptcy. These are the people that paid every bill until they just had no money left.