A Texas based car dealership that thought it a good idea to flog cars with a web-based immobilisation system might be regretting the decision after a disgruntled employee switched off customer cars.
Texas Auto Center sold cars with technology that bricks cars or causes them to honk their horns if punters are late with car payments.
However when it laid off Omar Ramos-Lopez, it found that it gave employees a little too much power over customers.
Before Ramos-Lopez left the company he got a list of passwords for each car and bricked 100 of them.
Initially the problem was dismissed it as mechanical failure, and then Ramos-Lopez started to make the cars toot in the middle of the night so that the owners had to remove the battery.
The system called Webtech Plus is used as an alternative to repossessing vehicles that haven’t been paid for. It is a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due.
In the end Texas Auto Centre reset the Webtech Plus passwords for all its employee accounts and the problem went away. Inspector Knacker of the Texas Yard looking at the logs spotted Ramos-Lopez’s AT&T IP address.
Although Ramos-Lopez’s account had been closed when he was made redundant he got in through another employee’s account.
There’s more at Wired.