[Shotimes] (OT) NYTimes.com Article:Because It's There: Commandeering a G.P.S. Navigator

[Ron Porter]

Interesting!! Retired people hacking into OnStar!!

Ron Porter

Because It's There: Commandeering a G.P.S. Navigator

December 18, 2003
 By SANDEEP JUNNARKAR 


RAY AND ELNA KAWAL hit the open road this fall on an
8,000-mile trip in their 2002 Chevy Tahoe with General
Motors' OnStar navigation system serving as their North
Star. 

>From their home in Sequim, Wash., across to Denver and
Chicago, down to Mexico and then homeward through Arizona
and California, the Kawals followed directions to tourist
destinations, hotels and their friends' homes using
OnStar's Global Positioning System navigation - just the
kind of business G.M. covets for its subscription service.
But in this case, the automaker didn't make a penny from
the six-week excursion. 

That's because Mr. Kawal, a 57-year-old retired engineer,
had pried the OnStar unit from behind the glove compartment
and customized it to work with his laptop and commercially
available mapping software. His wife read him directions
right off the laptop that sat between them. The modified
unit was no longer connected to the OnStar network, over
which representatives could have provided the same service
for a fee. 

"My wife was basically doing a lot of what the OnStar
service person would do," Mr. Kawal said. "Many of the
things OnStar wants you to pay for, you can take the unit
out and do it yourself." 

Other road warriors are quickly discovering this as Web
sites and message boards spring up with step-by-step
instructions on removing and personalizing OnStar's
navigational and communications components. 

While there are no estimates on how many people have
customized the device in their cars, those who are
proficient at adapting the system are helping friends and
family members do so, and some are parlaying their skills
into weekend businesses. 

The hobbyists have OnStar peering around an unforeseen
curve. 

Bruce Radloff, OnStar's chief technology officer, pointed
out that owners who tamper with the system risk voiding the
warranty on the OnStar unit - and more critically, the
warranty on the entire car. Yet he acknowledges the
temptation. 

"From my own perspective - and G.M. may feel differently -
once someone buys the car, I guess their desire to modify
it and make changes to it is up to them," Mr. Radloff said.
"But why would you take that kind of risk of invalidating
your vehicle warranty when you can go out and buy a G.P.S.
receiver for a couple of hundred bucks these days?" 

The question goes to the heart of a principle long embraced
by technologists. Edward W. Felten, a professor of computer
science at Princeton University and a leading voice for
this philosophy, defines it on his Web log as the "freedom
to tinker" ethic. This calls for the "freedom to
understand, discuss, repair and modify the technological
devices you own.'' 

Tinkerers seek little justification to deconstruct any
technology. A common reason given for fiddling with a
device is simply that it's there. These technologists
believe that a bit of tweaking will inevitably unearth some
innovative uses. 

"They want to experiment to see if it has legitimate
applications other than what the car manufacturer
intended," Mr. Felten said. 

It was this curiosity that led Pete Carter, a 28-year-old
computer engineer at an online brokerage in Omaha, to plug
a G.P.S. unit he had bought for his father into his own
laptop just to see how it would react. To his surprise, the
laptop picked up the device without requiring any
additional software. 

He figured that the components used by OnStar's G.P.S. unit
were probably the same and resolved to put his theory to
the test. After the challenge of prying the unit loose from
behind the dashboard, Mr. Carter faced a more daunting
task. He had to switch the unit's programming language to
one accepted by commercial mapping software and then solder
a connection compatible with his laptop. Once he succeeding
at harnessing the G.P.S. capabilities of his OnStar system,
he created a Tap Into OnStar Web site
(members.cox.net/onstar) to help others modify their units.


All G.P.S. devices rely on the constellation of Pentagon
satellites orbiting Earth and ground stations scattered
around the world to calculate longitude and latitude within
yards. While technology like OnStar can gauge locations
within 100 yards or so, more advanced devices can plot it
within inches. 

When a driver requests directions from an OnStar
representative, his G.P.S. data is routed over an analog
cellular network to OnStar computers. The agent then reads
back the directions over the same cellular network. The
price for this service, which also includes emergency
services and hotel and restaurant recommendations and
reservations, is about $420 annually, or $400 if paid
upfront. 

"I guess I'm getting the G.P.S. data without going through
the middleman," Mr. Carter said. 

For some, the success such hobbyists have had in tapping
into their personal OnStar units evokes the hacker who
seeks to break into a networked system simply out of
curiosity. 

"There is this community that is interested in examining
and figuring out how things work," said David Safford, the
manager of I.B.M. Research's Global Security Analysis
Laboratory in Hawthorne, N.Y. "You are always going to have
that level of inquisitive hacking from talented people." 

Security researchers have even raised the specter that as
more cars come equipped with OnStar navigation systems,
hackers will be tempted to try to exploit the technology to
locate OnStar users. 

Yet Mr. Safford said, "There have been papers written about
the theoretical things you could do with systems like this
- kidnapping, tracking - but they tend not to be the
traditional goals of hackers." 

Mr. Radloff, the OnStar chief technology officer,
emphasized that his security team had encountered no
attempts to breach defenses. But he conceded that any
system could be compromised. 

"I would never want you to think that we believe that our
system is invincible, because it's not," Mr. Radloff said.
"But we have taken some steps so that not just anybody can
hack into it." 

One potential weakness cited by experts is OnStar's use of
an analog cellular network - considered less secure than a
digital network - to transmit data to and from the car. 

While admitting that such a break-in is beyond the skill of
most hackers, security researchers said that equipment was
available that could be used to hack into analog cellular
networks. Such equipment, however, is more expensive and
harder to find, and easier for security systems to track. 

OnStar says it plans to upgrade to a digital network over
the next few years but has in the meantime adopted
proprietary defenses to protect the connections. 

"We feel relatively comfortable in the fact that we have
multiple layers that someone is going to have to sit down
and work their way through," Mr. Radloff said. 

A major concern with such systems is whether someone's
exact location can be surreptitiously tracked. This fear
has worked to the advantage of OnStar hobbyists, who can
now buy discarded units on the Internet. 

"I found an extra one on eBay that someone had taken out,"
said Andrew Nordquist, a 25-year-old in North Bellmore,
N.Y., who has customized his father's car and is now
working on his own. "A lot of people get worried when they
find out the G.P.S. is always on - like big brother is
always watching - so they unhook it and leave it off." 

http://www.nytimes.com/2003/12/18/technology/circuits/18star.html?ex=1073133
568&ei=1&en=88290d036cc5f8f1