Before I start, let me explain that these type of devices are new to me. The Passtime company which is based in the United States has shut down the car of a Female driver while she was on the highway in Las Vegas Interstate. This incident happened in 2012, but the dailymail.co.uk reported on it in 2014. The female was driving the car which she got from her auto lender, but once she missed a payment, the auto lender initiated a shutdown procedure which disabled the car of the female driver.
As you can imagine, the female driver was shocked and was unable to control the car any further, this resulted in a near crash on the busy interstate.
But it is not the first time, the dailymail reports that this case has happened before with auto lenders which use the PassTime (Ontime) device to track and control their cars.
The companies are using these type of devices as this allows them to get their money from people which have not paid their costs on time. The auto lender companies report that 25% of their business is slowed because of people that do not pay on time.
Now just imagine if a malicious user would gain access to the control panel which controls the “state” of the car. What would happen if a malicious user would send the “shut down” command to hundreds or thousands of cars?! What would happen if it would be a “unaware” user or intern? 🙂
This system needs to be checked and it needs to verify the location of the car. For example, check if “speed=0” then “shutdown” car.