Roadside Assistance System Used for Eavesdropping

pegr writes "El Reg has a story about how a US appeals court has 'put the brakes on an FBI surveillance technique that turns an automobile driver's on-board vehicle navigation system into a covert eavesdropping device, after finding that the spying effectively disables the system's emergency and roadside assistance features.' Seems the right to get the service you pay for trumps the 'right' of the FBI to spy on you, using your own vehicle's systems!"

Surprised??

[Creepy+Crawler]

OnSpy, how can we help you?

Re:Surprised??

[That's+Unpossible!]

OnStar seems kind of useless to me. It came free for a year in my new Grand Prix and I never used it.

My boss uses his all the time, they are very friendly. On vacation, hit the button, "Hi, we'd like to stop for dinner at a decent chinese food restaurant in the next hour or so."

They'll search around near where you'll be in 60 minutes based on your speed and direction, call the place, make reservations if needed, explain to you how to get there. They'll even stay on the line with you as you navigate around. They don't usually seem to be in a hurry... nice service.

BTW, according to the article, it wasn't OnStar, it was their competitor being used by the FBI, FWIW.

Re:Surprised??

[javatips]

Note that if you have the system in your car and you are NOT paying for the service, then they can activate it and listen without any problem (if they have a warrant). They will not interfer with the service as you are not paying for it.

Re:Surprised??

[MoneyT]

Try again, you still need a warrant. Might I suggest reading the PATRIOT act at some point?

Re:Surprised??

[the_mad_poster]

Often, the only difference between being a paranoid whackjob and a prophet is whether or not you were popular in the first place.

Funny FBI

[dolo666]

What's most disturbing is that they only passed this because it prevented the saftey features from working, and not because it was infringing on rights of privacy. Crap, if they have a bug order anyway, can't they just bug the car?

I mean, the cops are listening... so... uh... what's the point of having roadside assistance? If the car breaks down, the FBI or whoever was listening could repsond!

I remember CSIS was slammed some years ago for agents listening in on random phone calls to Canadian citizens, and gossiping about what was going on with other agents, in a kind of Real-Radio type gagfest.

It's a good sign from the states that they are stopping this stuff, but I don't have much faith in that being followed by every cop out there. If they want to know what you're up to, trust me... they will.

Re:Funny FBI

[goofballs]

-How is it infringing on their "right" to privacy if the FBI had obtained a warrant to listen in on the service? For starters, there is no "right to privacy".).

yes, there IS a "right to privacy". the supreme court has interpreted the constitution as such, many times over the years.

-The Bill of Rights enumerates a number of rights that, taken in summary, give what amounts to a "right" of privacy, but no specific right to privacy itself. ).

Amendment IX- The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

in other words, just because they don't spell it out certain rights, it doesn't mean you don't have them.

you know you're being tailed

[Frymaster]

when the guys who show up to fix your flat tire are wearing dark sunglasses.

Big Brother was late, but he's still on the way

[shystershep]

"Although the bottom line is that the surveillance order was rejected, the real effect of it is that this kind of monitoring is permissible as long it does not interfere with the service."

So how long until there is a federal law or regulation requiring these services to be able to work effectively even when the FBI is tapping in?

Where to start?

[Shakrai]

I could say something about being paranoid and not owning a car that comes with these systems (I really don't have a use for the roadside assistance anyway -- that's what my cell phone is for), but if the FBI really wants to bug your car, they are going to be able to do so. This just makes it easier for them. I guess as far as the civil liberties go I guess I'm alright with it as long as they had to get a warrant in the first place to do this. The scary thought is the idea of a private corporation or individual using this to spy on you.... don't ever dump/piss off that cute chick you met last night who works at the OnStar call-center :)

Interestingly enough, it seems that it was overturned because it stopped the system from providing the service that was sold to the customer (emergency notification when the button was pressed/airbags deployed in an accident). I wonder if the Feds will mandate that future versions of this system have the capability to spy on the customer and still work as provided?

You'd think the FBI would have been smarter then this. What would have happened if the suspect had a flat tire and tried to use his roadside assistance? Gig might have been up pretty quickly. I suspect some techie didn't do his homework....

vehicle tracking systems

[TWX]

Thing is, it might be fun to mess with people who are attempting to use such a system against you. Record the audio from movies where people are conspiring, and play it back when the car is driving. Shield the GPS receiver so that it doesn't receive properly, stuff like that.

Or, just learn how to be relatively self-sufficient on the road, so that they have a much harder time using things against you...

Even closer to home.

[orthogonal]

What about installation of a trojan to turn on and transmit audio from your PC's microphone, or pictures from the web cam?

I'll bet this is already part of the FBI's arsenal.

Prudence dictates disconnecting that microphone when not in use. And hardware based (less easily suborned) monitoring of outbound network traffic.

(The accomplished tin-foil hat wearer will suggest that a disconnected microphone will just mean a free-standing bug being installed, and he'd be right. But why connect the mic and make it easy for you to be spied upon?)

Press Release of the Future

[Accord+MT]

LOS ANGELES, Nov 1, 2033 -- Due to the overwhelming success of historic actions such as the PATRIOT act and the DMCA, this morning the United Corporations of America announced they will be launching SafeCam, their latest security-related legislative product.

Also known in the UCA as "consumers who look and act different", TERRORISTS have become a major threat to the consumer's way of life. The fact that he or she could be buying products from a real TERRORIST should send shivers down the spine of any good white God-fearing American consumer. There has been no way to effectively keep these TERRORISTS out of the marketplace, until now.

SafeCam is a nanochip-sized machine which locates consumer homes and positions itself in key strategic positions. The product records video and audio data of the consumer and his or her family, scanning their food, office, computer, medical records, and general lifestyle attributes. It automatically bills the consumer and sends everything it finds to a central server to be analyzed and, if necessary, be sent to the Department of Consumer Protection. If it uncovers evidence that a consumer might be a TERRORIST, it will alert the local Law Enforcement corporation using the tried-and-tested "Guilty Until Proven Innocent" algorithm so successfully employed by previous UCA legislative products. Evidence can include non-Christian religious material, photographs of middle-eastern-looking people, and any product with questionable foreign origin.

In the past, consumers have reacted positively to similar legislative products. Since non-TERRORISTS have nothing to hide, they do not mind 24-hour monitoring and reporting, and are now accustomed to the level of security the UCA provides.

The UCA reports they plan to initially deploy ten SafeCam devices for every one consumer into the air supply later this month. Of course, consumers may choose to block these devices from entering their homes and businesses, but this blocking will be used against them as evidence, because who else but a TERRORIST would be afraid of Big Brother?

About the United Corporations of America

The UCA is the world leader in consumer protection legislative products. Representing corporations throughout the world, the UCA's mission is to provide a safe environment for all consumers to enjoy working, spending, and enriching member corporations.

This document is hereby released to the public domain. You may (and are encouraged to) reproduce, republish, read, modify, and/or archive it without limitation.

Talk about collecting useful data!

[TPS+Report]

Scene: Interrogation room, deep under FBI headquarters.

AGENT: We know you did it. We have proof.
YOU: You've got nothing!
AGENT: [to other agent] Bob, play the tape.


YOUR VOICE: I'd like the double cheeseburger meal, supersized with no pickles
MCDONALDS DRIVE THROUGH: What kind of drink?
YOUR VOICE: A large Coke please

AGENT: Damnit. Fast forward the tape a bit.

Where to end? Right here.

[erikdotla]

Sure they could bug your car anyway, but you could sweep for bugs (if you were a criminal, anyway).

The difference is that they're turning something that is a harmless, useful commercial service and remotely exploiting it for monitoring.

Then again, I suppose a long-range camera exploits "harmless photons" for the same purpose, which is why it would have been allowed, and the safety issues are the only reason the court rules against the FBI.

Other than revealing that the FBI actively pursues these kinds of tactics, which most of us already knew (perhaps not to this extent), this article only discusses one rare exception to that policy and laws which govern it.

Not all telematics system supports this.

[LqdSlpStrm]

Have been developing systems like this for years.

A few telematics systems lets you silently call upp the vehicle and eavesdrop using the handsfree functionality, but most don't. Some of the protocols supports it, while the vehicle implementation of it does not.

What a call center operator can always do, however, is silently track your car. It usually works by calling up the vehicle over Verizon's WIN4 net, transmit authentication codes and a request to track the car's progress. Every five-fifteen minutes thereafter, the car will call up and transmit a GPS log to the call center.

Remote door unlock is often also a trivial matter.

No, you cannot call up and hijack the vehicle from the ordinary phone network since all WIN4 subscriptions have an areacode of 500, rending them unreachable from any ordinary phone. Calling out to them is a long and tedious process. On top of this, every vehicle usually have a unique passcode generated when the car is built. A list of these passcodes are then sent directly to the call center who uses them to access the cars.

No, you cannot reprogram the 800 number dialled by the vehicle in case of a crash or other event. The number is setup in the WIN4 network. No matter what number you are trying to get to from the handset, you will end up at the same DNIS.

My $.05

Re:Not all telematics system supports this.

[LqdSlpStrm]

Hmmm.

I forgot to mention that the article's description of the eavesdropping blocking the line for emergency calls points to a incorrectly designed telematics system.

What should happen is that any non-emergency call is aborted when a higher level event, such as an airbag deployment, occurs.

This frees the line for emergency use.

Re:Score one for little brother...

[Tackhead]

> .. but I wonder how long it'll take before any system like this will have to have 2 channels, one for the security "people", and one for you...

I'm surprised it wasn't designed in from the first round, but I'm a cynical motherfucker.

Given advances in technology, it raises an interesting question. Why not just install it by default? Given the advantages it would give law enforcement in tracking vehicle theft (and vehicle theft is often a precursor to everything from simple burglary to drug trafficking and yes, terrorism), why not have the government sponsor the Big Three into supplying a LilbroJack as part of the standard model? Big fat pork contracts for the steel belt, sold as "improving safety by eliminating auto theft" to the voter, and the cash-strapped State governments would likely be onboard anyways to save on highway patrol funding. (ie.. Congress wouldn't have to threaten to withhold highway construction $$$)

As I see it, every car that rolls off the assembly line should get at least one, and preferably two, bugs built into it. 99% of the time the primary bug is off. 1% of the time the car is stolen, and the primary but is turned on when the civilian reports the car as stolen. (And 0.1% of the time, pursuant to the needs of law enforcement, the secondary bug only, is turned on for the sheer hell of it, but that's the price you pay for eliminating Grand Theft Auto across the country, with the exception of your PC/console gaming room :)

The existence of the secondary bug should be withheld from the public for as long as practical. Not sure how to easily integrate a Big Secret(tm) such as the secondary bug into an insecure manufacturing process like vehicle design and assembly, mind you. I'm sure people with a Need To Know have good ideas on solving that problem.

Both bugs could also hold a passive RFID chip containing the VIN(primary) and the VIN encrypted with the public half of an Uber Law Enforcement key (secondary) on it. Remove the primary bug, you've removed the VIN, you've automatically marked the car as stolen. Th33f = pwn3d! (And of course, if you so much as breathe the wrong way on the secondary bug, both bugs trip. Law enforcement can tell, by looking at which "VIN" (either VIN or VIN+UberKey) was transmitted at phone-home time, which bug was fscked with. Officer Friendly at your local precinct can track your stolen car with the primary bug, but only Law Enforcement of high enough rank to have access to the private half of the UberKey, however, could do anything with transmissions from the secondary bug.

Back to reality for a bit. It'd be a bit of a kludge, but I bet a dirt-simple variation of the primary/secondary bug trick (albeit one not locked to the VIN, not directly accessible to law enforcement, sans crypto, and ultimately based on security through obscurity, namely the vehicle owner's skill in hiding the second bug) could even be designed and sold as a consumer aftermarket add-on to a commercial system like LoJack.

OnStar

[raelimperialaerosolk]

My new vehicle came with a free year of onstar service. I've only used it once when I called and set up the service.

I asked the dealership where the onstar equipment was, and they said it was buried deep in the dash somewhere, totally inaccessible. I had the vehicle home and 5 minutes later found it underneath the passenger rear seat. It's not labelled "ONSTAR UNIT", but it was pretty obvious. You pull the cover back and there is a nice motorola built case with two data cables going into it and a 3rd coax connection (for the antenna).

The Onstar stats say they recover 500 vehicles a month. Thieves really are idiots. All you have to do is disconnect the onstar box, or, at the very least pull out the antenna cable.

I was considering disconnecting the unit after my year was up, but then my wife's cousin who consults for onstar was telling me that they will perform 'public safety' services even if you don't have an active account. He said if you're even in a bad neighborhood, just hit the button and say "I don't feel safe", and they'll guide you out.

Interestingly, the onstar documentation doesn't come right out and say it, but it implies that they can use the onstar system (with built in gps) for reasons other than helping you. I can envision a situation where one parent might 'kidnap' their own kid and the other parent could get a court to use the Onstar system to locate the vehicle (or something like that).

Re:FBI Roadside Assistance

[Ralph+Wiggam]

In the movie Casino, the mobsters have thier wives call each other and talk about shopping for 2 minutes. After the FBI turns off the recorder because it's not relevant, then the mobsters start talking. That movie teaches us so many useful things. Like always have the hole dug first. You don't want to sit out in the desert digging a hole. Someone could come by, and then you have to dig another hole. Life lessons.

-B

Vindication

[nurb432]

This what have i been telling you people all along.. but nooooo all i get is fucking 'tin foil hat' cracks..

Everyone needs to wake up and look around at what is going on... get your heads out of the sand and fight for what freedom we have left.... before its too late ( if it isnt already )

Lo-Jack

[Chris+Burke]

When I bought a car recently, the finance guy tried to sell me Lo-Jack, which if you don't know is a microwave transmitter that the police can remotely enable and then pick up the signal from their squad car, ostensibly to retrieve your car when it gets stolen.

The relevent part is when he said "... and since it's only turned on when you report your car stolen, it isn't Big Brother-ish like On-Star and the others".

A microwave transmitter in my car that is directly controlled and monitored by the police. And that's not Big Brotherish. Riiiight.

That the guy seemed genuinely startled when I pointed out this obvious problem tells me that we've already lost.