Sign in with
Sign up | Sign in

Ex-Car Salesman Remotely Disables 100 Cars

By - Source: Tom's Guide US | B 34 comments

On Wednesday police in Austin, Texas arrested a 20-year old man on suspicion of remotely disabling more than 100 vehicles sold through his former place of employment, Texas Auto Center.

Wired reports that more 100 drivers in Austin had their cars disabled or had their car horns start to honk uncontrollably after an intruder ran amok in a web-based vehicle-immobilization system used by Texas Auto Center.

Webteck Plus, offered by a company called Pay Technologies, is used to remind customers who are late on their car payments that they're falling behind. A small black box is installed under the dashboard and it responds to commands issued from a central website.

When 20-year-old Omar Ramos-Lopez was laid off, he allegedly broke into the system and disabled or tampered with over 100 cars sold through his employer's dealerships.

"We initially dismissed it as mechanical failure," Texas Auto Center manager Martin Garcia said. "We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery."

The problems stopped once the system was reset and all the passwords changed, however, IP logs from PayTeck traced the breach to one Ramos-Lopez’s AT&T internet service. The ex-employee accessed the system through another employees account and began tampering with and disabling vehicles via specific name searches. Once Ramos-Lopez realized he could pull up a list of all the cars equipped with the technology (more than 1,000), he began going down the list, disabling cars in alphabetical order.

The 20-year-old faces computer intrusion charges for gaining unauthorized access to the system.

Discuss
Display all 34 comments.
This thread is closed for comments
Top Comments
  • 28 Hide
    thackstonns , March 18, 2010 2:14 PM
    So after I am done paying for the car does that mean they still have access to my car. Or do they remove the drm? I mean the black box. Sorry thought I was talking about assasins creed there. /end sarcasm
  • 27 Hide
    nightwraith35711 , March 18, 2010 1:50 PM
    He obviously was not behind 7 proxies...

    fail
  • 23 Hide
    jonathan1683 , March 18, 2010 1:54 PM
    What a shitty system that gives employees direct access/logins to disable 100s of customer cars.. What if they were driving on the freeway? I smell a lawsuit. This should be done on a VPN and only give access to management to disable a vehicle. I work for Mercedes and you need an actual police report before they will even attempt to give the location of a stolen vehicle. Yikes.
Other Comments
  • 2 Hide
    megamanx00 , March 18, 2010 1:42 PM
    Doh
  • 20 Hide
    pswenne , March 18, 2010 1:46 PM
    hum.. if that guys had been working for Toyota they would have promoted him. think about it, he could have stopped those car from accelerating :)  (jk)
  • 27 Hide
    nightwraith35711 , March 18, 2010 1:50 PM
    He obviously was not behind 7 proxies...

    fail
  • 7 Hide
    doc70 , March 18, 2010 1:54 PM
    Disgruntled idiot.
    Did he REALLY think that he can't be traced back?
    And why take the vandalism to customers?

    Jail time!
  • 23 Hide
    jonathan1683 , March 18, 2010 1:54 PM
    What a shitty system that gives employees direct access/logins to disable 100s of customer cars.. What if they were driving on the freeway? I smell a lawsuit. This should be done on a VPN and only give access to management to disable a vehicle. I work for Mercedes and you need an actual police report before they will even attempt to give the location of a stolen vehicle. Yikes.
  • 11 Hide
    jellico , March 18, 2010 2:03 PM
    Yeah, and are the customers aware that they are buying cars with a backdoor lo-jack installed? I would be pretty damn pissed if I found out my vehicle had crap like this installed without my knowledge and consent.
  • 28 Hide
    thackstonns , March 18, 2010 2:14 PM
    So after I am done paying for the car does that mean they still have access to my car. Or do they remove the drm? I mean the black box. Sorry thought I was talking about assasins creed there. /end sarcasm
  • 4 Hide
    JohnnyLucky , March 18, 2010 2:38 PM
    Sounds like a plot for a Hollywood movie.
  • 7 Hide
    underpatch , March 18, 2010 2:39 PM
    lol ... automotive drm ..... ubisoft pay attention you need to fail even harder to keep up with these gays ...
  • 4 Hide
    tommysch , March 18, 2010 2:41 PM
    Proxies...

    Fail.
  • 4 Hide
    nforce4max , March 18, 2010 2:52 PM
    This is why I prefer vintage cars since they WORK and don't have any of this crap in them. Bad day when this crap happens and you really need to get some ware.
  • 1 Hide
    tethoma , March 18, 2010 2:52 PM
    This is why you never share your password. All the security measures in the world can be compromised by a user with a crappy password or giving it out to a friend.

    From Webtek Plus's point of view, there really is nothing they can lock down more to avoid this in the future. They already had the fired user's name blocked.
  • 2 Hide
    sliem , March 18, 2010 2:53 PM
    Way to go on ruining your salesmanship career.
    Oh and also...

    Jail for you.
  • 8 Hide
    barmaley , March 18, 2010 3:01 PM
    nightwraith35711He obviously was not behind 7 proxies...fail


    Yep, he obviously wasn't!

    But you don't even need to go that far and take a small chance they'll still track you back. I would just go to any public hot spot, of which they are plenty now, and use my laptop over there. Also, wear something that would not make you easily identifiable in case there are security cameras.

    And yeah, using your own personal internet account for that (or one that can be easily linked to you) was a really dumb idea.
  • 1 Hide
    jonathan1683 , March 18, 2010 3:09 PM
    tethoma,

    Not true, Like I said that system should be on a VPN and should only be accessible to management. I cannot access any of our web apps or customer information from my house.
  • 1 Hide
    Anonymous , March 18, 2010 4:03 PM
    Funny that they see the need to have the system at all, if you are ignoring the letters/calls telling you to pay up... are you really going to pay if they disable your car?
  • 2 Hide
    etrnl_frost , March 18, 2010 4:07 PM
    Someone once asked me why I thought it was a horrible idea to put a remote digital kill switch in vehicles.

    /argument
  • 1 Hide
    irtehyar , March 18, 2010 4:25 PM
    Any abuse to a system that shouldn't exist in the first place gets my approval. Especially when some other jerk is willing to take the fall for it. Thanks dood!
  • 17 Hide
    Trueno07 , March 18, 2010 4:39 PM
    "The car must be connected to the internet for it to run"
  • -8 Hide
    sliem , March 18, 2010 5:11 PM
    Trueno07"The car must be connected to the internet for it to run"


    What are you talking about?
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter