Wireless Auto Repossession System Hacked – Cars Disabled

In Austin Texas, more than 100 customers of a local car dealership suddenly found their cars dead or their horns honking out of control when a vengeful former employee decided to take action using their computerized payment nagging system:

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due.

While there are questions of the ethics and legality of shutting down someone’s car due to failure to pay, the important lesson here is to avoid using wireless and web-based capabilities carelessly. Many such systems are designed without taking into account hacking or insider threat. In this case, customers who had the “black box” in their cars were at risk to both employees of the dealer and Pay Technologies as well as any random hacker who managed to get into either company’s systems.

The simplest and most effective solution is to avoid wireless and web technologies where there is no clear mission goal or benefit. Even then, they must be implemented with strong security measures designed by specialists.