
Hacker Disables Over 100 Cars Remotely - phsr
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
======
timmorgan
C'mon, Wired. _Hacker_?

He logged into the web interface from home using a password.

The better headline would have been "Poor Security Allows Disgruntled Employee
to Disable Over 100 Cars Remotely."

~~~
roc
Suppose he did use another employee's account. Suppose he used social
engineering tricks to get that user to reveal his password.

That was Mitnick's MO and most have long since ceded him the epithet "hacker".

That said:

> _"Omar was pretty good with computers"_

If he really was, he'd have used Tor and they'd have never known it was him.

~~~
rbanffy
> That was Mitnick's MO and most have long since ceded him the epithet
> "hacker".

Well... I haven't ;-)

------
fnid2
I would consider what this 'hacker' did a service to humanity, because now I
know that something much more evil than _him_ exists, namely this:

    
    
       a small black box under vehicle dashboards that 
       responds to commands issued through a central website, 
       and relayed over a wireless pager network.
    

That's horrible! Why isn't Wired concentrating on _that_ aspect of the story?
_That's_ the story. That some hacker used it to have some fun honking horns is
beside the point.

If I found out something like that existed in my car, I'd be _livid_!

EDIT: from the comments I see it's for derelicts who agree to have it
installed. hmph. note to self: calm down

~~~
plesn
Derelicts or not, this system is _plain evil_: it teaches us that stuff we
buy is less and less really ours.

We can't hack on stuff, we can't repair stuff, we should use stuff only the
way we're supposed to, and now only when we are allowed to. The funniest thing
is that we praise "private property"...

~~~
maukdaddy
If you "buy" a car on credit (a loan), it isn't YOURS until paid off.

~~~
jrockway
So if a bank loans you money to buy a house, the bank's officers can come in
at night and shoot you for trespassing on their property? Try again.

------
brk
These systems have come a long way since I last looked in on this technology.

When I lived in Detroit the Mel Farr autogroup had a system (that I believe
was semi-proprietary/in-house design) that they would install on high-risk
loan vehicles. It was activated over a pager network and would allow them to
remotely disable the starter on a vehicle if the weekly (yes, weekly) payment
hadn't been made in time.

It was not an uncommon occurrence to hear of or see vehicles that were left
running 24/7 until the owner could scrape up enough cash for their payment.
The system at that time only disabled the starter, so once the car was running
you were good as long as you didn't shut it off.

Obviously the maturity of this system has come a long way since that time
(1996ish).

~~~
eru
Gasoline must have been cheap, when 24/7 running cost less than the weekly
payments. (Or was it just very short-termist behaviour?)

------
joshu
I wonder how many of the car owners knew there was a remote disable switch in
their cars.

Also, I suspect this is a small outbreak of The Future we're all about to
inhabit.

~~~
ars
All of them?

This is not a standard car feature, it's added specially for people who are a
poor credit risk, allowing the creditor to remotely disable the car if they
don't pay.

~~~
jrockway
Why don't these people just clip the wire leading to the disabler device?

~~~
ars
Why should they?

No one forced this on them, they requested it. It's the only way they can get
a car loan.

~~~
jrockway
Where do we draw the line? If the only way for you to get a loan was to sign
over the right to have your family abducted and held for ransom, would that be
OK? Why is that not OK, but having the car honk at your neighbors all night
is?

~~~
ars
We draw the line wherever the borrower wants to draw it. If the borrower (and
his family in the case) are OK with it, then what's the problem?

And if he's not, then he shouldn't borrow the money.

Are you implying people have the right to borrow money?

~~~
jrockway
_Are you implying people have the right to borrow money?_

Yes.

------
Rust
Is this the sort of system one would want locked down to only be accessible
from certain IP addresses? Like the dealership's IP address?

It truly baffles me how even the most basic security precautions seem to be
beyond the ken of $100/hour professionals/companies.

~~~
ax0n
Most auto Stealerships are just using the same old broadband that home users
have, with dynamic DHCP IP addresses.

As for the provider? I wouldn't likely blame them. It was likely that several
dealerships may have set up one shared account on the system for everyone to
use, or that someone left the password written or printed out in plain view.
These things happen. All. The. Time.

~~~
cookiecaper
Can't we blame them for creating such an evil system?

------
ax0n
Funny. Also, these are very easy to bypass if you are at all familiar with
automotive alarm or remote-start installation.

------
lutorm
Is it really legal to install something like that on a customer's car without
their knowledge? Or did the customers willingly submit to that deal? Over my
dead body would I let someone put a remote-operated controller with web access
into anything I own. (Hence I'm not going to buy an iPhone or a Kindle that
you use at the pleasure of the corporation...)

This is worse though, it's like the physical manifestation of malware!

~~~
illumin8
This is definitely agreed to by the customer. These are the "sub-prime" of
used car dealerships. Charge 30% interest rates, accept weekly payments for
people with bad credit, and Lojack their car if they don't pay up.

------
rosser
Oh, that's brilliant: "What, you can't make your car payment? Let's see you
get to work now!"

~~~
jrockway
What's brilliant is a society where everyone has to have a car to survive.

------
whalesalad
Wow... I'm more concerned that car dealers are actually installing boxes like
this in cars.

Just another reason why I prefer the older cars from the 90's where they don't
have hundreds of miles of wiring and eight layers of plastic above the engine
to prevent maintenance.

------
edw519
Big deal. I'll be impressed when he can do that to my '72 Pinto.

~~~
fexl
Ah ... that reminds me of my first car, a red 1972 Toyota Celica. That was a
great car.

------
peterwwillis
In Other News: Real hackers will now be monitoring pager communications for
the signals sent to these cars and do it themselves without the company
website.

~~~
westbywest
This possibility is made even more likely by the inconvenient fact that pager
networks are _unencrypted_. It basically amounts to a gentleman's agreement
between service providers that pages sent by one provider's customer do not
accidentally appear on the device of another provider's customer.

Gives new meaning to war-driving.

