Ex-Car Salesman Remotely Disables 100 Cars

Wired reports that more 100 drivers in Austin had their cars disabled or had their car horns start to honk uncontrollably after an intruder ran amok in a web-based vehicle-immobilization system used by Texas Auto Center.

Webteck Plus, offered by a company called Pay Technologies, is used to remind customers who are late on their car payments that they're falling behind. A small black box is installed under the dashboard and it responds to commands issued from a central website.

When 20-year-old Omar Ramos-Lopez was laid off, he allegedly broke into the system and disabled or tampered with over 100 cars sold through his employer's dealerships.

"We initially dismissed it as mechanical failure," Texas Auto Center manager Martin Garcia said. "We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery."

The problems stopped once the system was reset and all the passwords changed, however, IP logs from PayTeck traced the breach to one Ramos-Lopez’s AT&T internet service. The ex-employee accessed the system through another employees account and began tampering with and disabling vehicles via specific name searches. Once Ramos-Lopez realized he could pull up a list of all the cars equipped with the technology (more than 1,000), he began going down the list, disabling cars in alphabetical order.

The 20-year-old faces computer intrusion charges for gaining unauthorized access to the system.

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
    Your comment
    Top Comments
  • So after I am done paying for the car does that mean they still have access to my car. Or do they remove the drm? I mean the black box. Sorry thought I was talking about assasins creed there. /end sarcasm
  • He obviously was not behind 7 proxies...

  • What a shitty system that gives employees direct access/logins to disable 100s of customer cars.. What if they were driving on the freeway? I smell a lawsuit. This should be done on a VPN and only give access to management to disable a vehicle. I work for Mercedes and you need an actual police report before they will even attempt to give the location of a stolen vehicle. Yikes.
  • Other Comments
  • Doh
  • hum.. if that guys had been working for Toyota they would have promoted him. think about it, he could have stopped those car from accelerating :) (jk)
  • He obviously was not behind 7 proxies...