[Shotimes] (OT) NYTimes.com Article:Because It's There: Commandeering a G.P.S. Navigator

[Ron Childs]

It cracks me up that OnStar is marketing remote door unlocking as a big selling
point. I can unlock my SHO without a key with just the keypad on the door; no phone
needed. A lower-tech solution but much better convienience-wise. At $400/year you
will not soon see me as an OnStar customer.

-Ron Childs  '91


--- Ron Porter <ronporter@prodigy.net> wrote:
> Interesting!! Retired people hacking into OnStar!!
> 
> Ron Porter
> 
> Because It's There: Commandeering a G.P.S. Navigator
> 
> December 18, 2003
>  By SANDEEP JUNNARKAR 
> 
> 
> RAY AND ELNA KAWAL hit the open road this fall on an
> 8,000-mile trip in their 2002 Chevy Tahoe with General
> Motors' OnStar navigation system serving as their North
> Star. 
> 
> From their home in Sequim, Wash., across to Denver and
> Chicago, down to Mexico and then homeward through Arizona
> and California, the Kawals followed directions to tourist
> destinations, hotels and their friends' homes using
> OnStar's Global Positioning System navigation - just the
> kind of business G.M. covets for its subscription service.
> But in this case, the automaker didn't make a penny from
> the six-week excursion. 
> 
> That's because Mr. Kawal, a 57-year-old retired engineer,
> had pried the OnStar unit from behind the glove compartment
> and customized it to work with his laptop and commercially
> available mapping software. His wife read him directions
> right off the laptop that sat between them. The modified
> unit was no longer connected to the OnStar network, over
> which representatives could have provided the same service
> for a fee. 
> 
> "My wife was basically doing a lot of what the OnStar
> service person would do," Mr. Kawal said. "Many of the
> things OnStar wants you to pay for, you can take the unit
> out and do it yourself." 
> 
> Other road warriors are quickly discovering this as Web
> sites and message boards spring up with step-by-step
> instructions on removing and personalizing OnStar's
> navigational and communications components. 
> 
> While there are no estimates on how many people have
> customized the device in their cars, those who are
> proficient at adapting the system are helping friends and
> family members do so, and some are parlaying their skills
> into weekend businesses. 
> 
> The hobbyists have OnStar peering around an unforeseen
> curve. 
> 
> Bruce Radloff, OnStar's chief technology officer, pointed
> out that owners who tamper with the system risk voiding the
> warranty on the OnStar unit - and more critically, the
> warranty on the entire car. Yet he acknowledges the
> temptation. 
> 
> "From my own perspective - and G.M. may feel differently -
> once someone buys the car, I guess their desire to modify
> it and make changes to it is up to them," Mr. Radloff said.
> "But why would you take that kind of risk of invalidating
> your vehicle warranty when you can go out and buy a G.P.S.
> receiver for a couple of hundred bucks these days?" 
> 
> The question goes to the heart of a principle long embraced
> by technologists. Edward W. Felten, a professor of computer
> science at Princeton University and a leading voice for
> this philosophy, defines it on his Web log as the "freedom
> to tinker" ethic. This calls for the "freedom to
> understand, discuss, repair and modify the technological
> devices you own.'' 
> 
> Tinkerers seek little justification to deconstruct any
> technology. A common reason given for fiddling with a
> device is simply that it's there. These technologists
> believe that a bit of tweaking will inevitably unearth some
> innovative uses. 
> 
> "They want to experiment to see if it has legitimate
> applications other than what the car manufacturer
> intended," Mr. Felten said. 
> 
> It was this curiosity that led Pete Carter, a 28-year-old
> computer engineer at an online brokerage in Omaha, to plug
> a G.P.S. unit he had bought for his father into his own
> laptop just to see how it would react. To his surprise, the
> laptop picked up the device without requiring any
> additional software. 
> 
> He figured that the components used by OnStar's G.P.S. unit
> were probably the same and resolved to put his theory to
> the test. After the challenge of prying the unit loose from
> behind the dashboard, Mr. Carter faced a more daunting
> task. He had to switch the unit's programming language to
> one accepted by commercial mapping software and then solder
> a connection compatible with his laptop. Once he succeeding
> at harnessing the G.P.S. capabilities of his OnStar system,
> he created a Tap Into OnStar Web site
> (members.cox.net/onstar) to help others modify their units.
> 
> 
> All G.P.S. devices rely on the constellation of Pentagon
> satellites orbiting Earth and ground stations scattered
> around the world to calculate longitude and latitude within
> yards. While technology like OnStar can gauge locations
> within 100 yards or so, more advanced devices can plot it
> within inches. 
> 
> When a driver requests directions from an OnStar
> representative, his G.P.S. data is routed over an analog
> cellular network to OnStar computers. The agent then reads
> back the directions over the same cellular network. The
> price for this service, which also includes emergency
> services and hotel and restaurant recommendations and
> reservations, is about $420 annually, or $400 if paid
> upfront. 
> 
> "I guess I'm getting the G.P.S. data without going through
> the middleman," Mr. Carter said. 
> 
> For some, the success such hobbyists have had in tapping
> into their personal OnStar units evokes the hacker who
> seeks to break into a networked system simply out of
> curiosity. 
> 
> "There is this community that is interested in examining
> and figuring out how things work," said David Safford, the
> manager of I.B.M. Research's Global Security Analysis
> Laboratory in Hawthorne, N.Y. "You are always going to have
> that level of inquisitive hacking from talented people." 
> 
> Security researchers have even raised the specter that as
> more cars come equipped with OnStar navigation systems,
> hackers will be tempted to try to exploit the technology to
> locate OnStar users. 
> 
> Yet Mr. Safford said, "There have been papers written about
> the theoretical things you could do with systems like this
> - kidnapping, tracking - but they tend not to be the
> traditional goals of hackers." 
> 
> Mr. Radloff, the OnStar chief technology officer,
> emphasized that his security team had encountered no
> attempts to breach defenses. But he conceded that any
> system could be compromised. 
> 
> "I would never want you to think that we believe that our
> system is invincible, because it's not," Mr. Radloff said.
> "But we have taken some steps so that not just anybody can
> hack into it." 
> 
> One potential weakness cited by experts is OnStar's use of
> an analog cellular network - considered less secure than a
> digital network - to transmit data to and from the car. 
> 
> While admitting that such a break-in is beyond the skill of
> most hackers, security researchers said that equipment was
> available that could be used to hack into analog cellular
> networks. Such equipment, however, is more expensive and
> harder to find, and easier for security systems to track. 
> 
> OnStar says it plans to upgrade to a digital network over
> the next few years but has in the meantime adopted
> proprietary defenses to protect the connections. 
> 
> "We feel relatively comfortable in the fact that we have
> multiple layers that someone is going to have to sit down
> and work their way through," Mr. Radloff said. 
> 
> A major concern with such systems is whether someone's
> exact location can be surreptitiously tracked. This fear
> has worked to the advantage of OnStar hobbyists, who can
> now buy discarded units on the Internet. 
> 
> "I found an extra one on eBay that someone had taken out,"
> said Andrew Nordquist, a 25-year-old in North Bellmore,
> N.Y., who has customized his father's car and is now
> working on his own. "A lot of people get worried when they
> find out the G.P.S. is always on - like big brother is
> always watching - so they unhook it and leave it off." 
> 
> http://www.nytimes.com/2003/12/18/technology/circuits/18star.html?ex=1073133
> 568&ei=1&en=88290d036cc5f8f1
> _______________________________________________
> Shotimes mailing list
> Shotimes@autox.team.net
> http://www.team.net/mailman/listinfo/shotimes