Disgruntled Ex-Employee Remotely Disables 100 Cars 384
hansamurai writes "Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."
So... (Score:2, Interesting)
How long until the police/feds/intelligence/etc get to start using this on civilians?
Re:I don't understand (Score:4, Interesting)
To be fair, there are plenty of used car dealers who don't overcharge but do sell to not-terribly-reliable clients. They need a way to get their vehicle back when those clients quit paying.
Moron (Score:4, Interesting)
Maroons make the news (Score:4, Interesting)
Non-maroons who do stuff like this, do it from net cafes using a chain of anonymous proxys, and they do not get caught.
It's just the maroons like this one that you hear about.
They shouldn't be able to listen, but more complex (Score:3, Interesting)
> Never buy a vehicle with OnStar.
The system should be more or less hard-wired so that it notifies you when the microphone activates for any reason. But as a consumer, I might be willing to accept the possibility of listening in for the added level of safety. I'd be a helluvalot MORE likely to do so if they needed a warrant to listen, but even so, it's good to have an added level of redundancy in your safety systems. Keeping a cellphone, being able to get to a cell phone, the cell phone working where you are, and knowing who to call and how to report your position, are all single points of failure. You can work around some of them--e.g. calling 911 instead of the local police--but the more redundancies, the better.
This is doubly true if you have a family, in which case you're buying not for your own safety, but for that of other people. To my mind, that's a greater responsibility.
The real danger, of course, is warrantless recordings, mass recordings, and data-mining.
Re:I don't understand (Score:1, Interesting)
never understood why banks expect to make money by charging higher interest rates to those who are least able to pay in the first place. what is it? some kind of poor tax?
Repo in AZ (Score:3, Interesting)
Or do what Arizona does where all the dealer has to do (other than a few formalities) is ask you to return the car, OR ELSE.
Since the OR ELSE in Arizona is a class 6 felony!
Facing up to 2 1/4 years in prison and being a felon for not turning it in makes having repo woman/man kinda redundant (surprisingly they exist, even though a dealer can have the police get the car back for free).
P.S. I'd HATE that law if I was a repo company employee or owner! Less reason to be used, and people in prison don't drive cars and felons have trouble getting them, so bad for repeat business. I can see how the deadbeats were unable to stop such a law, but surprised the repo companies didn't pay someone off to have it not pass or get repealed. There's big money in that business.
Also surprised the repo companies didn't get behind lobbying to make the remote black boxes illegal (have a "consumer protection" front lobby against it). No need to hire a repo company when all you need is a remote shutoff box and a tow truck.
As far as I know AZ is the only state with the law making it a felony to not return a car, although others make it a crime to "conceal collateral" (IL felony (*), CA misdemeanor).
P.P.S.:
(*) IL is probably the state with the most things defined as felonies I have seen. Not NY or CA or UT or anywhere else you'd expect (except maybe FL, but you don't even need to be convicted of a felony - they took people off the voter rolls in 2004 for felonies "committed" in 2007 - plus that state seems to be in a race with TX to see how pro-execution they can be.)
Re:I don't understand (Score:3, Interesting)
Anyone stupid enough to loan money to someone who has walked away from their previous debts deserves the chance to lose any money they loan that person. Usurious loans fall under that category, too.
Must be nice to live in a perfect little world where you are the sole person that can hurt your credit. My uncle doesn't talk to my grandmother because when he was in college she got a few credit cards in his name and destroyed his credit. When he got out of college he had student loans to take care of.
Re:They shouldn't be able to listen, but more comp (Score:3, Interesting)
My sister is like that... Willing to remove all risk from her life and put control in the hands of other people for the safety of her kids.
You'd be amazed how many people are. "For the chillllldruuuun!!!" is one of those arguments that you just can't win because you either get painted as someone who'd understand if they had kids or someone who's sympathetic towards kiddie fiddlers, at which point any chance of a sensible discussion just goes out the window.
It's the modern-day equivalent to witch hunting.
Re:And THIS, ladies and gentlemen... (Score:4, Interesting)
...is the perfect example (and with car analogy indeed) of why DRM and remote product (de)activation is doomed to failure.
Actually, this is a perfect example of why remote product deactivation is a great idea (it reduces the risk involved in selling a car on credit to people who are lousy credit risks), there are just some glitches that need ironing out. If it had been authenticated with a certificate which could be revoked as soon as the employee left (even better - build the certificate revoking process into the "remove employee from computer system" process) it'd be much less of an issue.
If you want an example of why remote product (de)activation is a lousy idea - and one with a car analogy - there was one on /. a couple of years back about a gated multi-storey car park where the developers of the car-park remotely locked the car park (locking all the cars in) when the owner refused to pay a monthly fee.
Re:Another disgruntled employee (Score:4, Interesting)
"Disgruntled" is a word with very interesting origins. On the surface, it is one of those words (like "non-chalant") that appears to be a compound suggesting a non existent opposite word (like "chalant")
The OED cites P.D. Wodehouse for "gruntled", but obviously Wodehouse was playing with the language here when he suggests that it means "satisfied". "Gruntle" is actually a word, but it is an obsolete one. It is not the opposite of "gruntle". "Gruntle"/"disgruntle" is a word pair more like "flammable"/"inflammable"; the "in-" prefix in "inflammable" is not the "in-" that means "not" ; it is the "in-" prefix that means "in, into or onto". The "in-" in "inflammable" is a cognate of the prefix "en-", as in "enraged".
"Dis-" in "disgruntled" is from a much rarer and erudite Latin sense of "dis", one that means "utterly". Both the "utterly" sense of "dis" and the "not"/"lack"/"opposite of" senses come from a Proto-Indo-European root mean "to separate".
So we should take "disgruntled" to mean "utterly gruntled", not "un-gruntled". So what is "gruntle" supposed to mean? Technically, "gruntle" is the frequentive form of "grunt". A "frequentive" verb is one that indicates a continual, incessant action. The word "gruntle" originally came into English meaning the incessant sounds made by an inconsolably upset pig. Later by metonymy it came also refer to the pig's snout (the part he gruntles with), and later the word was used to describe the faces of people in an unpleasant mood. There are not so many useful Latin prefixes for amplification, and "supergruntled" does not trip off the tongue, so "disgruntled" became the word for a person whose face expressed a very unpleasant mood.
not really $1000 (Score:4, Interesting)
Here's a study: http://download.journals.elsevierhealth.com/pdfs/journals/0002-9343/PIIS0002934309004045.pdf [elsevierhealth.com] ("Medical Bankruptcy in the United States, 2007: Results of a National Study")
"92% of these medical debtors had medical debts over $5000, or 10% of pretax family income. The rest met criteria for medical bankruptcy because they had lost significant income due to illness or mortgaged a home to pay medical bills. Most medical debtors were well educated, owned homes, and had middle-class occupations. Three quarters had health insurance."
So while the medical debt is not necessarily sky-high, losing your job due to illness means that you are screwed on all your debts. Car, house, etc.
Also, further down: "Out-of-pocket medical costs averaged $17,943 for all medically bankrupt families" ... this means that these families successfully paid A LOT of money (~$13K) before declaring bankruptcy and ending up in an average of ~$5K of medical debt. These are not the people that ran up huge consumer debts and declared bankruptcy. These are the people that paid every bill until they just had no money left.
Re:I don't understand (Score:2, Interesting)