Slashdot Mirror

← Back to Stories (view on slashdot.org)

Disgruntled Ex-Employee Remotely Disables 100 Cars

Posted by samzenpus on from the I-think-I-saw-this-movie dept.

hansamurai writes "Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."

38 of 384 comments (clear)

  1. I don't understand by commodoresloat · · Score: 5, Funny

    Can someone explain this article to me using a car analogy?

    1. Re:I don't understand by tomhudson · · Score: 5, Insightful

      Can someone explain this article to me using a car analogy?

      Sure. You don't qualify for a car loan, but they'll sell you a car, with a 5% per month interest rate, all sorts of fees, and a "you pass by the office by such-and-such a date with the cash or we kill your car" deal. Lots of cash income, much of it undeclared by the dealer, since the financing is not reported to credit rating agencies (it's called "in house financing" for a reason :-)

      The car analogy? It's like getting a sh*tty deal on a sh*tty car.

    2. Re:I don't understand by tomhudson · · Score: 5, Informative

      To be fair, there are plenty of used car dealers who don't overcharge but do sell to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying.

      Here, let me fix that for you:

      "To be fair, there are plenty of used car dealers who overcharge when they sell not-terribly-reliable cars to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying so they can flip them to the next sucker."

      40% or more a year interest, extra fees, inflated "deposits" that are inevitably forfeited as soon as the sucker is one day late, the car repoed and the customer STILL owes the full amount as damages, "it's not a sale, it's a lease - at the end you can buy it for $100.00" - when at the end it's $100 + fees.

      It's the auto equivalent of pay-day loans.

    3. Re:I don't understand by clarkkent09 · · Score: 5, Insightful

      Yet those things have their place too, and they allow the worst of the deadbeats to somehow get a car. After all, it's not like getting a regular car loan from a reputable dealer is particularly difficult. I have a friend who works part time in a $12/hr job, has terrible credit history and no assets worth mentioning and she just got financing for a small used car from Carmax with an interest rate of 16%. People who have to get the deals like you mentioned are the ones that nobody in their right mind would loan money to except under those conditions. If they are being harsher than necessary on their customers then somebody (why not you?) will step in and be a slightly less harsh and take all the business.

      --
      Negative moral value of force outweighs the positive value of good intentions.
    4. Re:I don't understand by sodul · · Score: 5, Informative

      I suppose you are trolling but I'll answer your question: it is because there is a higher risk they will never see their money back. If you lend money to 100 people and 10% of them will not repay you, you cannot expect to gain anything if the loan rate is under 10% do you ? If you take an other set of 100 people where you expect only 1% of non payment then you can give them a much better rate.
      It just happen that people with large disposable income are less likely to default on a loan.

    5. Re:I don't understand by AK+Marc · · Score: 5, Insightful

      If she "hit a rough patch", she was already overextended when she hit it.

      That's false. For one, about half of all bankruptcies in the US are caused by people with medical insurance who can't pay their medical bills. And another, if you want to get a divorce, just start an account and tell your partner "that's the divorce account so that I won't be overextended in case of divorce." That's only slightly worse than hiding money away without telling them what it's for.

      --
      Learn to love Alaska
    6. Re:I don't understand by OzPeter · · Score: 5, Insightful

      For one, about half of all bankruptcies in the US are caused by people with medical insurance who can't pay their medical bills.

      I used that fact on another forum, and someone countered that the amount of $$$ that the bankruptcies were for was in the order of $1000 or so. My first thought was - "bastard, shoot my argument down why don't you". Then my second thought was "Jeez, is that how little money separates the majority of people from bankruptcy. Thats really sad".

      --
      I am Slashdot. Are you Slashdot as well?
    7. Re:I don't understand by mcpkaaos · · Score: 4, Insightful

      >Its statistics.

      No, it's just arithmetic. Stats is concerned with how likely and how often defaults may occur, not the overall gain or loss as a result.

      >Perhaps because you aren't very bright?

      Don't be a dick unless you are absolutely sure you are right. Even then, don't be a dick.

      --
      It goes from God, to Jerry, to me.
    8. Re:I don't understand by innocent_white_lamb · · Score: 5, Insightful

      Or you can just set up automatic payments for everything.
       
      This works well up until there is a problem or billing dispute. For example, I know of someone who had automatic payments being made from their account to the electric company. The utility decided that some damage that he didn't think he was responsible for was, in fact, his responsibility so they withdrew $7500 from his bank account. He discovered this when his other cheques and whatnot started bouncing.
       
      I have nothing set up for automatic payments. It doesn't take that long to write someone a cheque and put it in the mail, and I retain control of my own bank account and know that money won't be magically disappearing.
       
      When it comes to a billing dispute, I would prefer to have them coming after me for money rather than be in a position where I am trying to get my money back from them.
       
      I pay my bills but I want to know exactly how much I'm paying and what I got for my money. Then I'll write you a cheque.
       
      In that order.

      --
      If you're a zombie and you know it, bite your friend!
    9. Re:I don't understand by tomhudson · · Score: 5, Informative

      They were pulling numbers out of their asses. The Harvard study says it's a lot worse. http://content.healthaffairs.org/cgi/content/full/hlthaff.w5.63/DC1

      Among those whose illnesses led to bankruptcy, out-of-pocket costs averaged $11,854 since the start of illness; 75.7 percent had insurance at the onset of illness. Medical debtors were 42 percent more likely than other debtors to experience lapses in coverage. Even middle-class insured families often fall prey to financial catastrophe when sick.

      and

      Debtors with private insurance at the onset of their illnesses had even higher out-of-pocket costs than those with no insurance (Exhibit 5). This paradox is explained by the very high costs--$18,005--incurred by patients who initially had private insurance but lost i

      Just look at the "out-of-pocket" expenses - and keep in mind that this doesn't include having to continue to pay insurance premiums while losing revenue because you're ill ,,, url:http://content.healthaffairs.org/content/vol0/issue2005/images/data/hlthaff.w5.63/DC1/Himmelstein_Ex5.gif?

    10. Re:I don't understand by Eivind · · Score: 4, Insightful

      If -that- isn't an argument that your medical system is fundamentally FUBARed then I don't know what is.

      It's the worlds most expensive by far, has mediocre results (compare infant mortality or any other stat you can think of to any other country that spends above half the amount you spend) AND it regularily brings families into financial ruin, families that are ALREADY facing seriuos health-problems of one of the family-members, even those who HAVE insurance. (nevermind those who don't)

      It's COMPLETELY incomprehencible to me that anyone is willing to accept that crap. Seriously.

    11. Re:I don't understand by silentcoder · · Score: 5, Insightful

      And yet you folks still seem to honestly believe the "socialized medicine" would leave you WORSE off than you are ?

      *shakes head sadly*

      --
      Unicode killed the ASCII-art *
  2. Re:and by Anonymous Coward · · Score: 5, Insightful

    this makes front page of slashdot, why?

    Because it makes the idiots who claim this kind of backdoor would never be misused look bad. Why are you protesting so much, anyway?

  3. Re:What a dolt . . . by Anonymous Coward · · Score: 5, Funny

    or the Brown Note?

  4. What a maroon. by Anonymous Coward · · Score: 5, Insightful

    If you're going to play around with your ex-employer's systems like that, you don't do it from your own home. You go interstate, to a 'net cafe, and do it from there! Sheesh. Kids these days.

  5. Re:So... by tomhudson · · Score: 5, Informative

    How long until the police/feds/intelligence/etc get to start using this on civilians?

    They already are. See the latest OnStar commercials. If they're chasing you and you don't stop, they can either slow your car down, kill it, and/or make it start honking and flashing lights. And they can keep you locked in your car.

    They've also been caught using it to spy on people by activating the voice channel.

    Never buy a vehicle with OnStar.

  6. Re:Should have changed password right away by MDMurphy · · Score: 4, Funny

    Since I RTFA I know that he used someone else's password.

  7. Re:and by DigiShaman · · Score: 4, Insightful

    At least Slashdot got it right unlike Wired who states it was an act of "hacking". WTF Wired, it wasn't a hack. It was as simple act of intrusion without authorization. Nothing special or fancy was required to do so.

    --
    Life is not for the lazy.
  8. This sounds like some great software. by physicsphairy · · Score: 4, Funny

    I would definitely be interested in buying a car that can be triggered to shutdown or start blaring its horn remotely! Is there anyway to buy one with a built-in bomb?

    --
    When things get complex, multiply by the complex conjugate.
    1. Re:This sounds like some great software. by Anonymous Coward · · Score: 5, Funny

      I think a new Toyota would be exactly what you're looking for.

  9. Another disgruntled employee by CODiNE · · Score: 5, Funny

    When are bosses going to learn to stop taking away their gruntles??

    --
    Cwm, fjord-bank glyphs vext quiz
  10. Re:Moron by aztektum · · Score: 4, Funny

    >.<

    Oh man, trying to read that hurt. Punctuation is our friend.

    --
    :: aztek ::
    No sig for you!!
  11. Re:Back door? by Anonymous Coward · · Score: 5, Insightful

    It is a back door. It's a back door installed by the dealer into your car with the assurance that it won't be misused.

    The "front door" would be for them to send you a letter when you miss a payment, and send someone over to repossess the car if you continue to miss them, but I guess they feel that the tiny number of people who would try to steal the car justifies inflicting this system on all of their customers.

  12. Re:Back door? by bunratty · · Score: 4, Funny

    The real question is, why is there *one* password for all the cars?

    Well, duh! Because it's easier to remember. And it's better than having a post-it for each car -- just one post-it with the one password will do!

    --
    What a fool believes, he sees, no wise man has the power to reason away.
  13. Hmm by ryan.onsrc · · Score: 4, Insightful

    Perhaps Toyota should review which Engineers have been fired lately.

  14. Update of old sticker by Cryacin · · Score: 4, Funny

    Honk if you're Hacked!

    --
    Science advances one funeral at a time- Max Planck
  15. It's for people with crap credit by Sycraft-fu · · Score: 4, Informative

    They don't ask for it, the bank makes it a requirement of the loan. This way if a payment isn't on time, they can turn the car off to force the issue. You aren't going to find it on a car from a dealer, financed by a normal bank. It is for high risk situations.

    1. Re:It's for people with crap credit by compro01 · · Score: 4, Informative

      Or for people who own cars from GM. Onstar has this same kind of functionality.

      --
      upon the advice of my lawyer, i have no sig at this time
  16. And THIS, ladies and gentlemen... by Spy+der+Mann · · Score: 5, Insightful

    ...is the perfect example (and with car analogy indeed) of why DRM and remote product (de)activation is doomed to failure.

  17. Re:Back door? by Trogre · · Score: 4, Insightful

    No.

    The real question is what the blistering hell are remote kill switches doing on cars in the first place?

    I'm sure there's an iPhone analogy somewhere here...

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  18. Re:and by ThePengwin · · Score: 4, Funny

    <sarcasm>
    Of course its hacking! how else could someone do that???
    Next you're going to say that someone guessing a Facebook password isn't hacking!!!
    </sarcasm>

  19. Re:Back door? by Jah-Wren+Ryel · · Score: 4, Informative

    The real question is, why is there *one* password for all the cars? Shouldn't it be one password for each employee who has access to log into the "car disabling" server which then sends the lockdown signal using a trusted certificate?

    They shouldn't have to change the passwords at all, just delete the employee's user account.

    No. That's not the real question. It's a stupid ass question because it was answered in article.
    Each employee does have an account. His account was even disabled. He used another employee's account.

    Man, you got a +5 for "I didn't read the article" - I can understand no one bothering to mod you down, but +5 stupid? Come on...

    --
    When information is power, privacy is freedom.
  20. Re:So... by YrWrstNtmr · · Score: 5, Informative

    And do you have any evidence that those things have been used when the owner is driving the car (even if wanted by the police) or only when the car is reported stolen?

    Sure. Case in Las Vegas. Note that the FBI's use was not deemed illegal/inappropriate, but rather that it denied the user/owner of use during that time.

  21. Re:Maroons make the news by OzPeter · · Score: 4, Insightful

    Non-maroons who do stuff like this, do it from net cafes using a chain of anonymous proxys, and they do not get caught.

    It's just the maroons like this one that you hear about.

    If I was ever going to consider doing this I'd buy a cheap laptop off Craigslist for cash, and then buy a wireless card for cash from another location, and then drive to some community in the middle of nowhere and look for an open wireless AP. After which I would then pass said laptop through a shedder .. a really big shredder.

    --
    I am Slashdot. Are you Slashdot as well?
  22. Re:They shouldn't be able to listen, but more comp by dontbgay · · Score: 5, Insightful

    My sister is like that... Willing to remove all risk from her life and put control in the hands of other people for the safety of her kids. That's all well and good, but I don't need someone having the ability to remotely disable my automobile regardless of my distance from the person with their finger on the button. Sure, responsibility for my family is is important, but I don't need the specter of a nanny snooping in and judging me because I want to listen to some Middle Eastern music.

    Life is risk. When you shed risk, it's usually at a price.

    --
    Sig not found.
  23. Re:and by hansamurai · · Score: 4, Informative

    When I submitted it I made a particular point to remove the references to "hacking".

    --
    Reviewing just the first hour of video games.
  24. Re:Back door? by KingMotley · · Score: 4, Funny

    But what happens after the last payment is made?

  25. Re:So... by tomhudson · · Score: 4, Insightful

    Sounds like GM can forget about getting any of my money.

    they already got it - billions of it. Bail-out bux.