[ISN] Hobbyists modify GM's OnStar system

From: InfoSec News (isn@private)
Date: Mon Dec 29 2003 - 02:10:26 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - December 26th 2003"

    http://www.bayarea.com/mld/mercurynews/business/7569678.htm
    
    By Sandeep Junnarkar
    New York Times
    Dec. 25, 2003
    
    Ray and Elna Kawal hit the open road in the fall on an 8,000-mile trip 
    in their 2002 Chevy Tahoe with General Motors' OnStar navigation 
    system serving as their North Star.
    
     From their home in Sequim, Wash., across to Denver and Chicago, down 
    to Mexico and then homeward through Arizona and California, the Kawals 
    followed directions to tourist destinations, hotels and their friends' 
    homes using OnStar's Global Positioning System navigation -- just the 
    kind of business GM covets for its subscription service. But in this 
    case, the automaker didn't make a penny from the six-week excursion.
    
    That's because Ray Kawal, a 57-year-old retired engineer, had pried 
    the OnStar unit from behind the glove compartment and customized it to 
    work with his laptop and commercially available mapping software. His 
    wife read him directions right off the laptop that sat between them. 
    The modified unit was no longer connected to the OnStar network, over 
    which representatives could have provided the same service for a fee.
    
    ``My wife was basically doing a lot of what the OnStar service person 
    would do,'' Kawal said. ``Many of the things OnStar wants you to pay 
    for, you can take the unit out and do it yourself.''
    
    Web instructions
    
    Other road warriors are quickly discovering this as Web sites and 
    message boards spring up with step-by-step instructions on removing 
    and personalizing OnStar's navigational and communications components.
    
    While there are no estimates on how many people have customized the 
    device in their cars, those who are proficient at adapting the system 
    are helping friends and family members do so, and some are beginning 
    to parlay their skills into a weekend business.
    
    The hobbyists have OnStar peering around an unforeseen curve.
    
    Bruce Radloff, OnStar's chief technology officer, pointed out that 
    owners who tamper with the system risk voiding the warranty on the 
    OnStar unit -- and more critically, the warranty on the entire car. 
    Yet he acknowledges the temptation.
    
    ``From my own perspective -- and GM may feel differently -- once 
    someone buys the car, I guess their desire to modify it and make 
    changes to it is up to them,'' Radloff said. ``But why would you take 
    that kind of risk of invalidating your vehicle warranty when you can 
    go out and buy a GPS receiver for a couple of hundred bucks these 
    days?''
    
    `Freedom to tinker'
    
    The question goes to the heart of a principle long embraced by 
    technologists. Edward W. Felten, a professor of computer science at 
    Princeton University and a leading voice for this philosophy, defines 
    it on his Web log as the ``freedom to tinker'' ethic. This calls for 
    the ``freedom to understand, discuss, repair and modify the 
    technological devices you own.''
    
    Tinkerers seek little justification to deconstruct any technology. A 
    common reason given for fiddling with a device is simply that it's 
    there. These technologists believe that a bit of tweaking will 
    inevitably unearth some innovative uses.
    
    It was this curiosity that led Pete Carter, a 28-year-old computer 
    engineer at an online brokerage in Omaha, to plug a GPS unit he had 
    bought for his father into his own laptop just to see how it would 
    react. To his surprise, the laptop picked up the device without 
    requiring any additional software.
    
    He figured that the components used by OnStar's GPS unit were probably 
    the same and resolved to put his theory to the test. After the 
    challenge of prying the unit loose from behind the dashboard, Carter 
    faced a more daunting task. He had to switch the unit's programming 
    language to one accepted by commercial mapping software and then 
    solder a connection compatible with his laptop. Once he succeeding at 
    harnessing the GPS capabilities of his OnStar system, he created a Tap 
    Into OnStar Web site (mem bers.cox.net/onstar) to help others modify 
    their units.
    
    Fee for service
    
    When a driver requests directions from an OnStar representative, his 
    GPS data is routed over an analog cellular network to OnStar 
    computers. The agent then reads back the directions over the same 
    cellular network. The price for this service, which also includes 
    emergency services and hotel and restaurant recommendations and 
    reservations, is about $420 annually, or $400 if paid upfront.
    
    For some, the success such hobbyists have had in tapping into their 
    personal OnStar units evokes the hacker who seeks to break into a 
    networked system simply out of curiosity.
    
    Security researchers have even raised the specter that as more cars 
    come equipped with OnStar navigation systems, hackers will be tempted 
    to try to exploit the technology to locate OnStar users.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 29 2003 - 04:43:32 PST