Disgruntled Ex-Employee Remotely Disables 100 Cars 384
hansamurai writes "Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."
Re:So... (Score:5, Informative)
They already are. See the latest OnStar commercials. If they're chasing you and you don't stop, they can either slow your car down, kill it, and/or make it start honking and flashing lights. And they can keep you locked in your car.
They've also been caught using it to spy on people by activating the voice channel.
Never buy a vehicle with OnStar.
Re:I don't understand (Score:5, Informative)
Here, let me fix that for you:
"To be fair, there are plenty of used car dealers who overcharge when they sell not-terribly-reliable cars to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying so they can flip them to the next sucker."
40% or more a year interest, extra fees, inflated "deposits" that are inevitably forfeited as soon as the sucker is one day late, the car repoed and the customer STILL owes the full amount as damages, "it's not a sale, it's a lease - at the end you can buy it for $100.00" - when at the end it's $100 + fees.
It's the auto equivalent of pay-day loans.
It's for people with crap credit (Score:5, Informative)
They don't ask for it, the bank makes it a requirement of the loan. This way if a payment isn't on time, they can turn the car off to force the issue. You aren't going to find it on a car from a dealer, financed by a normal bank. It is for high risk situations.
Re:Should have changed password right away (Score:3, Informative)
the correct procedure is to
1 revoke the passwords/tokens for said employee
2 redact the persons desk and figure out how long of a timeout is needed (if any)
3 after the timeout escort the employee from the property
so the three words you need to know are Revoke Redact Remove this would be the only safe thing to do
Re:Back door? (Score:5, Informative)
The real question is, why is there *one* password for all the cars? Shouldn't it be one password for each employee who has access to log into the "car disabling" server which then sends the lockdown signal using a trusted certificate?
They shouldn't have to change the passwords at all, just delete the employee's user account.
No. That's not the real question. It's a stupid ass question because it was answered in article.
Each employee does have an account. His account was even disabled. He used another employee's account.
Man, you got a +5 for "I didn't read the article" - I can understand no one bothering to mod you down, but +5 stupid? Come on...
Re:So... (Score:5, Informative)
Sure. Case in Las Vegas [subliminalnews.com]. Note that the FBI's use was not deemed illegal/inappropriate, but rather that it denied the user/owner of use during that time.
Re:I don't understand (Score:5, Informative)
I suppose you are trolling but I'll answer your question: it is because there is a higher risk they will never see their money back. If you lend money to 100 people and 10% of them will not repay you, you cannot expect to gain anything if the loan rate is under 10% do you ? If you take an other set of 100 people where you expect only 1% of non payment then you can give them a much better rate.
It just happen that people with large disposable income are less likely to default on a loan.
Re:It's for people with crap credit (Score:5, Informative)
Or for people who own cars from GM. Onstar has this same kind of functionality.
Re:And THIS, ladies and gentlemen... (Score:3, Informative)
Shrug, several people pay for these features.
LoJack and OnStar, services which cost considerably yearly fees have this feature as a selling point.
In this case its used just like LoJack. The bank requires it be installed on cars of jackasses who no one wants to finance due to their history. It in fact is something that allows the bank to feel confident that the risk of the loan is not unacceptably high for someone who indeed is an unacceptably high risk. Its really no different than the higher interest rate or larger down payment they require. Its all risk mitigation.
It is an example of what happens when a good idea gets used for bad things.
Guns intended for sport can be used to kill people.
Trucks to carry product to stores can be turned into rolling bombs.
Remote wipe on your blackberry/iPhone/Treo/Whatever can be used to protect your data or destroy it.
Lots of things with good, perfectly acceptable intentions can be fucked up by a bad person. If your entire DRM argument revolves around this single retarded point, you're going to fail.
If you want to get rid of DRM there have to be equal or better alternatives. Since these people couldn't buy a car without DRM, there are infact not only no better deals, there are no equal deals, and in fact no deals at all with that option off the table.
This isn't a case of using DRM to force people to buy multiple copies of the same thing to use it on multiple devices. This isn't DRM being used to restrict what you can do with something after you paid for it.
This is DRM being used to restrict something that has not in fact been paid for yet. If the people walked in and didn't require a loan, there would be no DRM. The cheaper alternative in fact has no DRM.
Your comment could not be more wrong. This is a shining example of DRM being used to benefit all involved, and shows how one douche bag can still fuck it up for you anyway.
Either way, you're an idiot if you think this is some shining example of how DRM is bad. Without the DRM, they wouldn't have had a car to be disabled or to be inconvenienced because it wouldn't start or the horn was honking.
Re:and (Score:5, Informative)
When I submitted it I made a particular point to remove the references to "hacking".
Re:I don't understand (Score:5, Informative)
They were pulling numbers out of their asses. The Harvard study says it's a lot worse. http://content.healthaffairs.org/cgi/content/full/hlthaff.w5.63/DC1 [healthaffairs.org]
and
Just look at the "out-of-pocket" expenses - and keep in mind that this doesn't include having to continue to pay insurance premiums while losing revenue because you're ill ,,, url:http://content.healthaffairs.org/content/vol0/issue2005/images/data/hlthaff.w5.63/DC1/Himmelstein_Ex5.gif?
Re:I don't understand (Score:1, Informative)
I have good credit, I don't understand how the bank makes money loaning me $ at 3.9% interest when I can't even get that good a rate on my mortgage
Because they're borrowing it from the Feds at Zero, and/or using money held in checking accounts that are not accruing any interest. There are a lot of other aspects to banking beyond this, but those are the two easiest examples to illustrate.
As for all your math, it's not relevant unless you're talking about "in-house" financing which is a whole different ballgame.
Normally what happens is that you get the loan from the bank at X% interest, who promptly take that loan and sells it to another company for (let's just pull a number out of thin air here) 90% of the value of the loan. Bank makes the remainder% value of the loan immediately, the other company ends up keeping the 10% (in this case).
The actual amount it gets sold for varies widely, and is based on the credit worthiness, payment history, value of any attached assets, etc. In many cases the second company will take that loan, along with a whole bunch of other loans, roll them into one big package and sell it off to yet another company.
Usually they will take a small amount of high-risk loans and package them along with some low-risk loans to offset any potential defaults. It's this exact mechanism that we heard all about in the housing/banking/mortgage industry for the last couple years. The reason that was so bad was that the people in the financial system were pretty much lying to each other about the risk level of the loans as well as the value of the attached assets, and instead of the low-risk loans absorbing the losses of the high-risk defaults, when everything went to hell people found out the hard way that most of the loans were actually high-risk and the rest is history. But the point is that in most cases the people who originally granted the loan actually got their money back almost immediately.
Re:I don't understand (Score:3, Informative)
Sounds like a flaw in the banking system in your country...
In the UK we have standing orders and direct debits, standing orders are a fixed amount decided on by you and are great for loan payments and the like where the amount never changes...
For variable amounts like utility companies etc, we have direct debit which offers a guarantee similar to a credit card - you file a dispute and your meant to get the money back immediately while the dispute is sorted out... They also have to notify you a couple of weeks before taking the payment, so you have the opportunity to stop a payment that looks wrong in which case the company will come after you normally.
I don't have a cheque book, banks here often don't supply them by default and many places don't accept them at all. I hate receiving cheques because they're a hassle to deal with, i have to go to the bank during its limited opening hours (when i'm usually working), fill out a form to deposit it, stand in line and then wait 5 days to actually get the money or find out something has failed and i don't actually have the money at all.
Re:I don't understand (Score:1, Informative)
So, I take it that you're a Republican. Do me a favor and look at this [factcheck.org]. The bottom section has a nice graphic that compares two Republican healthcare bills, a bi-partisan bill, and the Senate and House bills. Between the five of them, there aren't that many substantial differences.
If you truly believe the people who are telling you that the government is taking over healthcare and will be able to decide you aren't worth treating, do me a favor: ask those people which bill they would prefer. Then try to find out which one of the minor differences in the bills removes death panels. Here's a hint - there is no such thing. The major differences between Republican healthcare plan and Democrat healthcare plan involve how wide coverage will extend, where the money comes from, and how much it will cost.
You people are so far removed from reality that it isn't amusing anymore. Educate yourselves.
(Note: The figures for the bi-partisan Wyden-Bennett bill and covering the uninsured comes from a dubious source. I personally doubt this one, but the others are all quite credible.)