Hacker Disables More Than 100 Cars Remotely
By Kevin Poulsen
March 17, 2010 1:52 pm
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
100多名司機在德克薩斯州奧斯汀市發現,他們的車失去能力或鞍鳴喇叭失控,在一名入侵者於一個網絡基礎的車輛制動系统內狂亂地跑後,它通常是用來在消費者的汽車拖欠款項時取得他們的注意。
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
警方與奧斯汀的高科技犯罪小組 在星期三,拘捕20歲的奧馬爾拉莫斯洛佩斯,一名前得克薩斯州汽車中心的僱員,他在上個月被解僱和據說會尋求報復,以磚掟經銷商在四個奧斯汀區地段出售的汽車。
“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
“我們初步否認它的機械故障,”得克薩斯州汽車中心經理馬丁加西亞說。 “我們開始有一個輕率的右多達 一百名消費者在一時投訴,有些客戶抱怨鞍在半夜失控,唯一的選擇是他們取下電池。“
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle.
經銷商使用一種系統稱為 Webtech Plus,作為一選擇去收回尚未付款的車輛。由克里夫蘭為基地的支付科技所操作,該系統讓汽車經紀安裝一個小黑盒在車輛的儀表板下,通過一個中央網站回應發出的命令,並在一無線傳呼網絡接力。經紀可以令汽車的點火系統失去能力,或引發鞍角開始鳴叫,作為付款已到期的提醒者。系統將不會停止運行中的車輛。
Texas Auto Center began fielding complaints from baffled customers the last week in February, many of whom wound up missing work, calling tow trucks or disconnecting their batteries to stop the honking. The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts, says Garcia. Then police obtained access logs from Pay Technologies, and traced the saboteur’s IP address to Ramos-Lopez’s AT&T internet service, according to a police affidavit filed in the case.
德州汽車中心在2月最後一週開始接收來自困惑客戶的投訴,他們中許多人清盤失踪的工作,要求拖車或斷開電池以停止喇叭鳴叫。麻煩5天後停止,當德州汽車中心為所有員工的帳戶重置Webtech Plus密碼,加西亞說。然後警方從支付科技獲取使用日誌,並去拉莫斯- 洛佩茲的AT&T的互聯網服務,追查破壞者的IP地址,根據警方在案件中提出的起訴書。
Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account, Garcia says. At first, the intruder targeted vehicles by searching on the names of specific customers. Then he discovered he could pull up a database of all 1,100 Auto Center customers whose cars were equipped with the device. He started going down the list in alphabetical order, vandalizing the records, disabling the cars and setting off the horns.
“Omar was pretty good with computers,” says Garcia.
The incident is the first time an intruder has abused the no-start system, according to Jim Krueger, co-owner of Pay Technologies. “It was a fairly straightforward situation,” says Krueger. “He had retained a password, and what happened was he went in and created a little bit of havoc.”
Krueger disputes that the horns were honking in the middle of the night; he says the horn honking can only be activated between 9 a.m. and 9 p.m.
First rolled out about 10 years ago, remote immobilization systems are a controversial answer to delinquent car payments, with critics voicing concerns that debtors could suffer needless humiliation, or find themselves stranded during an emergency. Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.
Austin police filed computer intrusion charges against Ramos-Lopez on Tuesday.
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
沒有留言:
發佈留言