[ISN] Code breakers needed

From: InfoSec News (isn@private)
Date: Mon Dec 12 2005 - 00:15:38 PST


http://www.chron.com/disp/story.mpl/business/3513114.html

By GRANT SCHULTE
Copyright 2005 
Houston Chronicle Washington Bureau 
Dec. 8, 2005

WASHINGTON - Those pesky u-codes - the electronic keys needed to fix
everything from air bags to headlights - were confounding Richard
Mendoza yet again.

Sure, the Houston mechanic had just invested $6,800 in software that
could read a car's computer, pinpointing virtually any problem. And
yes, he could have figured out why the Chevy Impala's air bag light
was on, had he gotten the right digital feedback.

But the information Mendoza needed was hidden by an "underlining
code," a PIN automakers create to protect trade secrets and stop car
thieves. Mendoza, the manager of independently owned repair garage
Auto Check, sent his customer to the manufacturer.

"They normally don't come back," he said. "It leaves the impression
that you can't handle the job."

Such cases are rare - maybe once every three months, Mendoza said -
but highlight a growing concern among small, independent garages and
some lawmakers. With vehicles relying ever-more on computers, Congress
is reviewing a bill to pry open the technology that runs cars, trucks
and vans.

Automakers, who oppose the measure, said the results would reveal
codes for the security systems of newer models, putting them at
greater risk of theft, and force them into court battles on several
fronts. A mechanic with access to an air bag's "underlining codes,"  
for instance, could reprogram the system in a way that renders the
light unreliable, manufacturers said.

Representatives for General Motors Corp., which owns Chevrolet,
declined to speak about the bill.

The Motor Vehicle Owners' Right to Repair Act, sponsored by Rep. Joe
Barton, requires auto manufacturers to provide owners, or their
mechanic, the software or tools needed to diagnose a car's problem.

Barton, who heads the committee reviewing the bill, is "very
optimistic" the measure will pass unless both sides reach an agreement
on how to deal with such disputes on their own, spokeswoman Karen
Modlin said.

The Texas Republican also has contacted the Federal Trade Commission
in hopes of creating an independent middleman that would help settle
such disputes, Modlin said.


Talks have failed

An effort to resolve the argument through a similar group, the
National Automotive Service Task Force, failed in September. The talks
between automakers and mechanics show no sign of resuming in the near
future.

Both sides said they would rather avoid government involvement. But
with expanding technology, the high cost of diagnostic tools and a
growing source of income at stake, independent mechanics said inaction
now will cost them customers later.

"We're afraid that if the legislation goes away, so will any hope of
cooperation," said Robert Everett, a New Jersey mechanic who testified
last month before the House Commerce, Trade and Consumer Protection
Subcommittee.


Problems could worsen

Mechanics and some automakers agree that the difficulties facing
independent mechanics could worsen without a compromise. Everett said
computer codes have already complicated efforts to fix dashboards,
interior lights and brake systems on some newer vehicles.

Representatives for the automakers said the most critical repair
information is already available. With 240 million vehicles on the
nation's roads, manufacturers said they rely on aftermarket businesses
to keep customers driving and repair costs down.

But releasing certain information, like the codes that control a car's
antitheft system, would create a host of problems, they said.

"If you allow everyone access to the computer key information, then
what good would the protection be?" said John Cabaniss, director of
environment and energy at the Association of International Automobile
Manufacturers.

Many automakers also worry that the bill - which accuses them of
restricting information "in a manner that has hindered open
competition" - will leave them vulnerable to lawsuits.

Disclosing proprietary information could likewise force them into
expensive legal battles against intellectual property thieves, they
said, despite language in the bill that protects trade secrets.


Getting data, tools costly

Michael Stanton, vice president of government affairs for the Alliance
of Automobile Manufacturers, said independent mechanics can find most
of the information they need through company-run subscription Web
sites.

"It's frustrating for them. I understand that," Stanton said. "But I
think it's fair to say that the vast, vast majority of information is
already available."

Perhaps, but gathering the necessary data and tools is often too
expensive and time-consuming for small businesses, said Christopher
Garcia, a self-employed mechanic in Houston.

In the past month, Garcia said, he accepted two customers whose cars
weren't starting. Each should have taken five hours to fix. Instead,
Garcia spent 15 hours hunting for the problem's cause in an unusual
place: car repair manuals at the public library.



