Remote hacker immobilises over 100 cars

Car tow-away
A 20-year-old man has been arrested in Austin, Texas, after allegedly hacking into a computer system which caused more than 100 cars to be disabled with, in some cases, their horns blaring out repeatedly.

Omar Ramos-Lopez, a former employee of Texas Auto Center, a collection of 4 car dealerships in the Austin area, is suspected of breaking into a web-based immobilisation system called WebTeck Plus that is normally only used if customers are behind in making their payments.

According to a report in Wired magazine, the car dealership had fitted the devices, which are the size of a deck of cards, into vehicles, giving the ability to disable a car’s ignition or trigger the horn if a payment is due.

Thankfully, the cars cannot be disabled while they are in motion.

For five days in the last week of February, more than a 100 customers found themselves without transportation and were forced to miss work, call tow trucks or disconnect their car batteries. Only when the car dealership reset its employees passwords did things return to normal. An investigation by Austin’s High Tech Crime Unit uncovered an IP address used in the hack, which is said to have pointed to Omar Ramos-Lopez.

According to authorities, Texas Auto Center did the right thing – and terminated Ramos-Lopez’s username and password when he lost his job last month, but he is alleged to have gained access after using another employee’s account.

I must admit I don’t think I’ve ever heard of a hacker breaching cars quite like this before. The only consolation for the rest of us is that it’s pretty unlikely that we are likely to face the same risk, unless we purchase a car from a “cheap-and-chips” car dealership that specialises in lots of high-risk purchasers.

Although this attack is definitely out-of-the-ordinary it does underline the importance of proper password security – something that many businesses definitely need to learn a lesson about.