Hacker blocked more than 100 machines via the Internet

More than 100 car owners in Austin (Texas) found their cars blocked or unmanageable (the horn could not be turned off) after hacking the immobilization system that a local Texas Auto Center dealer installed on cars for sale on credit. This system must be activated if the client has delayed the payment on the loan.

Motorists who had started to hum the car in the middle of the night, had to fix the problem themselves. But the only option was to remove the battery. Many people were forced to call a tow truck and skip work.

The hacks lasted for five days, until the company changed the passwords on the central server that controls the immobilization system.

The High Tech Crime unit of the local police conducted a special operation and discovered a “hacker”: it turned out to be a 20-year-old Omar Ramos-Lopez (Omar Ramos-Lopez), a former employee of the Texas Auto Center auto dealer, who was fired right before the burglary. He entered the Web Technologies Webtech Plus system manufactured by Pay Technologies , using someone else's password. The cracker was identified by his IP address.
')
First, Omar Ramos-Lopez searched the database for records by owner name. Then he discovered that he could get access to a complete database of 1,100 Texas Auto Center customers, and began methodically blocking them alphabetically.

According to the preliminary version of the investigation, the suspect thus decided to take revenge on the former employer. The victims were the cars sold by the dealer from four trading platforms in the city.

The hardware-software complex provides for the installation of “black boxes” on cars that connect to the instrument panel of the car and receive commands from the central server of the system through a paging connection. This "bug" can block the ignition system or turn on the car horn, if the next loan payment is overdue. For safety reasons, the system cannot be activated when the engine is turned on.

The manufacturer has already officially challenged the possibility of activating the beep of the car in the middle of the night. According to their information, this option can be activated only from 9 to 21 hours. In general, for ten years of such systems, this is the first case of hacking.

via Wired