Published Date: 2010-03-17
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident at Texas Auto Center in Austin, where more than 100 cars were disabled or had their horns honking out of control, happened in the last week of February 2010 [905]. 2. The incident involving a disgruntled former employee at Texas Auto Center in Austin who disabled over 100 cars using company software for car repossession occurred in 2010 [82209]. |
| System | 1. Webtech Plus system operated by Pay Technologies [Article 905] 2. OnStar communications system in General Motors cars [Article 82209] |
| Responsible Organization | 1. Omar Ramos-Lopez, a former Texas Auto Center employee, caused the software failure incident by accessing the company's system and disabling over 100 cars [905]. 2. Hackers, including a veteran hacker named Samy Kamkar, have targeted cars in various incidents, highlighting vulnerabilities in the automotive industry's software systems [82209]. |
| Impacted Organization | 1. More than 100 drivers in Austin, Texas [905] 2. Texas Auto Center [905] 3. Pay Technologies [905] |
| Software Causes | 1. Unauthorized access to the web-based vehicle-immobilization system by a former employee, leading to the disabling of cars and honking horns [905] 2. Vulnerabilities in the company software used for car repossession, allowing a disgruntled former employee to disable over 100 cars [82209] |
| Non-software Causes | 1. Lack of proper access control and password management leading to unauthorized access to the vehicle immobilization system [905] 2. Insufficient security measures in place to prevent unauthorized access to the car repossession software [82209] |
| Impacts | 1. More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, causing inconvenience and potential embarrassment to the owners [905]. 2. Customers complained of horns going off in the middle of the night, leading to disturbed sleep and potential disturbance to neighbors [905]. 3. Some customers had to miss work, call tow trucks, or disconnect their batteries to stop the honking, resulting in financial and time costs [905]. 4. The incident raised concerns about the potential for abuse of remote immobilization systems, highlighting the risks associated with such technology [905]. 5. The incident led to the arrest of the perpetrator, Omar Ramos-Lopez, on computer intrusion charges [905]. |
| Preventions | 1. Implementing stricter access controls and monitoring of employee accounts to prevent unauthorized access to the software system could have prevented the incident [905]. 2. Regularly updating and changing passwords for the software system to prevent ex-employees from retaining access and causing havoc [905]. 3. Conducting thorough security audits and penetration testing of the software system to identify and address vulnerabilities that could be exploited by malicious actors [82209]. 4. Collaborating with cybersecurity experts and researchers to proactively identify and address potential security flaws in the software system [82209]. 5. Enhancing encryption and authentication mechanisms within the software system to prevent unauthorized access and tampering with vehicle immobilization features [82209]. |
| Fixes | 1. Implementing stricter access controls and password management protocols to prevent unauthorized access to the software system [905]. 2. Regularly updating and patching software systems to address vulnerabilities and prevent exploitation by malicious actors [82209]. 3. Collaborating with cybersecurity experts and researchers to identify and address potential security weaknesses in the software system [82209]. 4. Establishing industry-wide initiatives like the Automotive Information Sharing and Analysis Center (Auto-ISAC) to facilitate information sharing and enhance cybersecurity practices across automakers [82209]. | References | 1. Texas Auto Center manager Martin Garcia [905] 2. Jim Krueger, co-owner of Pay Technologies [905] 3. Samy Kamkar, veteran hacker [82209] 4. Dan Flores, G.M. cybersecurity and safety spokesman [82209] 5. Doug Newcomb, senior industry analyst at Wards Intelligence [82209] 6. Steve Tengler, principal at Kugler Maag Cie [82209] 7. Dr. André Weimerskirch, vice president for cybersecurity and functional safety at Lear Corporation [82209] 8. Faye Francy, executive director of Automotive Information Sharing and Analysis Center (Auto-ISAC) [82209] 9. Ron Plesco, principal at KPMG Cyber Security Services [82209] 10. Dan Sahar, vice president at Upstream Security [82209] 11. Juniper Research [82209] 12. Jono Anderson, principal at KPMG [82209] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) In Article 82209, it is mentioned that in 2010, a disgruntled former employee at Texas Auto Center in Austin used a co-worker’s account to log into company software used for car repossession, which resulted in over 100 cars being disabled and honking uncontrollably [82209]. (b) Article 82209 also discusses a separate incident in 2015 involving hackers Chris Valasek and Charlie Miller who demonstrated the ability to remotely control a Jeep Cherokee's functions through its UConnect infotainment system, leading to a recall of 1.4 million Fiat Chrysler cars and trucks [82209]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be seen in Article 905, where a former employee of Texas Auto Center used a co-worker's account to log into the company software used for car repossession. The employee disabled over 100 cars, causing them to honk furiously and become unable to start. This incident was a result of a flaw in the design of the system that allowed unauthorized access and misuse of the software [905]. (b) The software failure incident related to the operation phase is evident in Article 905, where the cars were disabled or had their horns honking out of control due to an intruder running amok in the web-based vehicle-immobilization system. This failure was a result of the operation or misuse of the system by the disgruntled former employee who sought revenge by vandalizing the records, disabling the cars, and setting off the horns [905]. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident reported in Article 905 was within the system. The incident involved a disgruntled former employee, Omar Ramos-Lopez, who used his knowledge of the Webtech Plus system to log in through another employee's account and disable over 100 cars by vandalizing records, disabling the cars, and setting off the horns [905]. (b) outside_system: The software failure incident reported in Article 82209 highlights the potential for software failures originating from outside the system. The article discusses the increasing threat of hackers targeting cars, with examples such as a veteran hacker building a device to unlock and remotely start General Motors cars and the demonstration of remotely controlling a Jeep Cherokee's functions through its UConnect infotainment system. This external threat prompts the auto industry to enhance security efforts to protect against potential malicious attacks [82209]. |
| Nature (Human/Non-human) | human_actions | (a) The software failure incident occurring due to non-human actions: - The incident in Article 905 was caused by an intruder who gained unauthorized access to the web-based vehicle-immobilization system, leading to cars being disabled or horns honking out of control [905]. - In Article 82209, the article mentions how a disgruntled former employee at Texas Auto Center used a co-worker's account to log into company software used for car repossession, resulting in over 100 cars being disabled [82209]. (b) The software failure incident occurring due to human actions: - The incident in Article 905 was initiated by a former employee, Omar Ramos-Lopez, who sought revenge by accessing the system and bricking cars sold from the dealership [905]. - Article 82209 also highlights the case of a disgruntled former employee at Texas Auto Center who used a co-worker's account to disable over 100 cars through company software used for car repossession [82209]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The incident in Article 905 involved a disgruntled former employee who used a web-based vehicle-immobilization system to disable cars by bricking them, which was a hardware-related issue as the system involved installing a small black box under vehicle dashboards to respond to commands issued through a central website [905]. - The incident in Article 82209 mentioned how a veteran hacker built a device for under $100 that could find, unlock, and remotely start General Motors cars equipped with the OnStar communications system, which highlighted a hardware vulnerability in the vehicles [82209]. (b) The software failure incident occurring due to software: - The incident in Article 905 was primarily a software failure as the former employee gained unauthorized access to the system using another employee's account and proceeded to disable cars and set off horns by manipulating the software commands [905]. - The incident in Article 82209 discussed the ongoing challenge of securing cars due to the increasing complexity of software systems in vehicles, with concerns about potential cyberattacks targeting the software components of modern cars [82209]. |
| Objective (Malicious/Non-malicious) | malicious, non-malicious | (a) The software failure incident described in Article 905 was malicious in nature. The incident involved a disgruntled former employee who used his knowledge of the system to gain unauthorized access and disable over 100 cars, causing chaos for the owners [905]. (b) The articles also discuss non-malicious software failures in the automotive industry, such as vulnerabilities discovered by white hat hackers like Samy Kamkar and security researchers. These incidents highlight the importance of ongoing efforts to secure vehicles against potential cyber threats [82209]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident: - The incident at Texas Auto Center in Austin, where over 100 cars were disabled or had their horns honking out of control, was caused by a former employee seeking revenge after being laid off. The employee, Omar Ramos-Lopez, accessed the company's software system using another employee's account and proceeded to disable cars and set off horns as a form of sabotage [905]. - This incident was a result of a deliberate and malicious act by the former employee, indicating poor decisions made by the individual to misuse the software system for personal revenge. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident occurring due to development incompetence: - The incident at Texas Auto Center in Austin, where over 100 cars were disabled or had their horns honking out of control, was caused by a former employee, Omar Ramos-Lopez, who used his computer skills to sabotage the Webtech Plus system used by the dealership for vehicle immobilization [905]. - Ramos-Lopez, who was laid off from the dealership, accessed the system through another employee's account and systematically disabled cars by vandalizing records and setting off horns, showcasing his proficiency with computers [905]. (b) The software failure incident occurring accidentally: - The incident involving the disgruntled former employee at Texas Auto Center in Austin, who disabled over 100 cars using a co-worker's account, was not accidental but rather a deliberate act of sabotage carried out by the individual [82209]. - The incident was a result of intentional actions taken by the former employee to seek revenge on the dealership, rather than being a random or accidental software failure [905]. |
| Duration | temporary | (a) The software failure incident described in Article 905 was temporary. The incident involved a former employee gaining unauthorized access to the company's software system used for car repossession, resulting in over 100 cars being disabled or having their horns honking out of control. The dealership had to reset passwords and take actions to stop the issues caused by the intruder [905]. (b) The software failure incident described in Article 82209 also highlights the potential for temporary failures in the automotive industry due to cybersecurity threats. The article discusses how hackers have targeted cars, including a case where a hacker built a device to unlock and remotely start General Motors cars. The industry has been working on improving security measures to address these vulnerabilities [82209]. |
| Behaviour | crash, omission, byzantine, other | (a) crash: The incident described in Article 905 involved a software failure that led to cars being disabled or horns honking out of control due to an intruder manipulating the web-based vehicle-immobilization system. This resulted in the system not performing its intended functions and causing a disruption in the normal operation of the vehicles [905]. (b) omission: The software failure incident in Article 905 also involved an omission aspect where the system omitted to perform its intended functions correctly. Customers complained of the horns going off in the middle of the night, which was not the intended behavior of the system. This omission led to inconvenience for the car owners [905]. (c) timing: The incident in Article 905 did not specifically mention a timing-related failure where the system performed its intended functions but at the wrong time. (d) value: The software failure incident in Article 905 did not involve a value-related failure where the system performed its intended functions incorrectly. (e) byzantine: The behavior of the software failure incident in Article 905 could be categorized as a byzantine failure. The intruder manipulated the system to disable cars and set off horns in an erratic and inconsistent manner, leading to confusion and disruption among the affected customers [905]. (f) other: The other behavior observed in the software failure incident in Article 905 was unauthorized access and misuse of the system by a former employee, leading to the disruption of normal vehicle operations. This unauthorized access and misuse of the system resulted in a significant impact on the customers and their vehicles [905]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | processing_unit, network_communication, embedded_software | (a) Sensor: The incident reported in Article 905 involved a web-based vehicle-immobilization system that used a small black box under vehicle dashboards to respond to commands issued through a central website and relayed over a wireless pager network. This system could disable a car's ignition system or trigger the horn to begin honking. The failure in this case was related to an individual gaining unauthorized access to the system and using it to disable cars and set off the horns [905]. (b) Actuator: The same incident in Article 905 also involved the actuator aspect of the cyber physical system, where the unauthorized individual was able to trigger the horns of the cars to honk out of control. This action was not intended by the system's design and was a result of the unauthorized access and misuse of the system [905]. (c) Processing_unit: The processing unit aspect of the cyber physical system was implicated in the incident described in Article 905. The unauthorized individual gained access to the system by using another employee's account and proceeded to disable cars and set off the horns by manipulating the processing commands issued through the central website [905]. (d) Network_communication: The network communication aspect of the cyber physical system was also involved in the failure incident reported in Article 905. The unauthorized individual accessed the system through the network, traced back to his IP address, and used the wireless pager network to relay commands to disable cars and trigger the horns [905]. (e) Embedded_software: The incident in Article 905 highlighted a failure related to the embedded software used in the web-based vehicle-immobilization system. The unauthorized individual was able to exploit vulnerabilities in the system's software, including retaining a password and gaining access through another employee's account, to disable cars and set off the horns [905]. |
| Communication | connectivity_level | The software failure incident reported in the articles was related to the connectivity level of the cyber-physical system that failed. The incident involved a disgruntled former employee at Texas Auto Center in Austin who used a co-worker's account to log into company software used for car repossession. The employee disabled over 100 cars, causing owners who were up to date on their payments to suddenly find their vehicles honking furiously and unable to start [Article 82209]. This incident highlights a failure in the network or transport layer of the system, where unauthorized access led to the disruption of the intended functionality of the software system. |
| Application | TRUE | The software failure incident described in Article 905, where more than 100 drivers in Austin, Texas found their cars disabled or honking out of control, was related to the application layer of the cyber physical system. This failure was caused by an intruder, a former employee, who gained unauthorized access to the system using another employee's account and proceeded to disable the cars and set off the horns [905]. The incident involved the misuse of the web-based vehicle-immobilization system, which is an application layer component, to cause disruption and harm to the affected vehicles. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property, delay, non-human, theoretical_consequence | (a) death: There is no mention of any deaths resulting from the software failure incident in the articles [905, 82209]. (b) harm: The articles do not mention any physical harm caused to individuals due to the software failure incident [905, 82209]. (c) basic: There is no indication that people's access to food or shelter was impacted by the software failure incident [905, 82209]. (d) property: The software failure incident resulted in property damage as more than 100 drivers in Austin found their cars disabled or the horns honking out of control due to the intruder's actions [905]. (e) delay: People had to deal with inconveniences such as missing work, calling tow trucks, or disconnecting their batteries to stop the honking of their cars due to the software failure incident [905]. (f) non-human: The software failure incident impacted non-human entities, specifically vehicles, as they were disabled or had their horns honking uncontrollably [905]. (g) no_consequence: The software failure incident had real observed consequences, such as disabled cars and honking horns, so it does not fall under the no_consequence category. (h) theoretical_consequence: The articles discuss potential consequences of remote immobilization systems being abused, such as debtors suffering humiliation or being stranded during an emergency, but these potential consequences did not occur in this specific incident [905]. (i) other: There are no other consequences mentioned in the articles beyond the property damage, inconvenience, and potential consequences discussed. |
| Domain | finance | (a) The failed system was related to the finance industry as it was a web-based vehicle-immobilization system used by a dealership to get the attention of consumers delinquent in their auto payments [905]. (h) The failed system was specifically used by a car dealership as an alternative to repossessing vehicles that haven't been paid for, indicating its direct connection to the finance industry [905]. (m) The failed system was not directly related to any other industry mentioned in the options provided. |
Article ID: 905
Article ID: 82209