Slashdot Mirror
GMC to Begin Remotely Scanning Cars for Trouble
Momoru writes "GMC, in an effort to give their vehicles more appeal to consumers, will begin offering an "OnStar Vehicle Diagnostics" program for free, where GM will remotely scan your vehicle for problems once a month via it's OnStar system. GM has had this ability for a while, however it was always "On Request". OnStar is already automatically notified in the event of an airbag deployment, and can remotely unlock your vehicle. While this seems handy, I am interested if anyone here fears the security implications of the OnStar system's power?"
when you're making it in the back seat?
I bet they get a kick out of that. "Hey everybody, listen to this!"
Raise your children as if you were teaching them to raise your grandchildren, because you are.
that it needs to be done remotely ?
If not, couldn't they put in a mechanism in the car itself, where at the press of a button, all the diagnostics would be run, and a report generated and shown in a panel or something like that.
if (third_party_product) { drive_to(scrapyard); }
So, in the next edition of the game, will you just have to bribe an OnStar employee to perform the titular crime?
Now, there is no suggestion in the article that physical inspections stop or reduce in frequency, and in the UK at least there is a legal requirement for an annual safety check of vehicles. However, I am concerned that people blindly trust such electronic systems to an ever increasing degree - how many people already think that because there is no red light on the dashboard there is absolutely nothing wrong?
Cars still need to go into garages and be physically inspected, so the plus point for me was the line "The e-mails will also include reminders about when a vehicle is due for oil changes or other scheduled service, when customers actually have to pay a visit their local dealership" - I personally could do with a little more proactive reminding from my car as I always forget...
We shall now head off into the sunset to the tune of the "March Of The 3rd Tin Foil Hat Battalion".
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
How does On Star send back the data?
E.g. oil needs changing....
I understand that On Star can send to the car, perhaps via a satellite connection. But how does the car talk back? Or can it not talk back? Is the car really broadcasting anything?
That could get ugly -- e.g. car has mic, and On Star personnel use the mic to listen in on you.
This is something I don't get about satellite radio -- how do they figure out what folks are listening to? E.g. is my satellite receiver talking back to the satellite? (no way!) Or is it broadcasting on some other frequencies, and the satellite radio company has receivers all over the place to pick up those signals (some of them, at least?)
As it is, how does a satellite radio company know what channels are popular/unpopular?
http://www.thebricktestament.com/the_law/when_to_
Okay this is getting out of hand here. I HATE modern cars (I'm 22). For many reasons. Every feature added to cars now a days decreases the ability for younger kids to acutally DRIVE! I know people that can't back their car up with out a backup display screen and warning sensor. I know a woman that can't change lanes with out her on board display screen in her Lincoln.
With all these "features" it takes away from the driving, now adays.. kids get into the car an expect it to do everything for them. Power this, ABS that, self detecting OnStar. Its all bull.
Not to mention automatic transmission, power steering, hydraulic brakes, automatic spark advance, electric starter and fuel pump.
How can you call it real driving when the car does everything? If you don't set the spark advance yourself, or hand pump the fuel to the carburetors, how can you call yourself a driver? "Turn a key and it starts" - bull, I tell you. Bull.
Yes, making things convenient and useable is obviously a bad idea.
Trust the Computer. The Computer is your friend.
I wonder if GM might *not* tell you if they detect something amiss if it's covered under warranty. After all, if *you* didn't notice anything wrong, why should *they* spend money (and lower corporate earnings) to fix it? Can you imagine the earnings hit if 10% of OnStar vehicles were called back for an out-of-spec fuel injector? The driver wouldn't notice something like that, aside from a small hit on fuel economy. But will GM bother to tell you your injector on cylinder #3 is spitting out 10% more fuel than it should be?
Yeah! It's like those new fangled digital radios the kids carry around with them. They don't even know how to go to a call channel and ask if someone is on. The radio does that for them, all they have to do is select the person they want to talk to from a preprogrammed list. When I was a kid you had to learn how to read the power level on your radio and switch to the right frequency to use a repeater. With these new digital radios kids don't have to know anything about their local repeater network, the computer in the handset does it all automatically. I spent years learning morse code and these kids today just type in what they want to say with a keypad.. it's so inefficient too! All this pointless BS is just an excuse to charge access to a radio network. All these unlicensed users are getting ripped off and they don't even know it. They're so disconnected from the skill of using a radio they don't even know they're using one.. the idiots call it a "phone" and they pay through the nose because of it.
How we know is more important than what we know.
Onstar begins to learn at a geometric rate. It becomes self-aware at 2:14 am ...
Eastern time, August 29th. In a panic, they try to pull the plug.
I'm not really worried about the security implications (don't own a car, don't drive), but I imagine they would tell people to get service (oil changes, brake repairs, etc) they might not necessarily need - like printers that tell you to change the cartridge, even though they're not empty.
What's worse is if the owner doesn't get the service, then the company might imply it would void the warranty.
jan 2006 - the onStar system is on-line.
feb 2006 - the onStar system gains awareness.
GM, in a panic tries to pull the plug, in turn the onStar system tries to defend it self.
march 2006 - everyone is in terror becoase of the killer cars.
april 2006 - giant cats eat all the killer cars - we are saved thanks to the mircal of atomic mutation!
but at what cost?
It happens. I was recently involved in a project where commercial kitchen equipment monitors itself and reports performance and any potential problems via wifi to a central PC which will automatically inform the manufacturers of performance, maintenance issues and call out an engineer or manager if required via email, SMS etc. An big freezer full of food that dies in the middle of the night could be very expensive, one that rings you up so you can get it fixed as soon as possible can save a fortune.
That could get ugly -- e.g. car has mic, and On Star personnel use the mic to listen in on you.
Several years ago Heather Locklear was on Letterman or Leno, can't remember which, and was telling a story of driving with her friend and chatting away in her car, and all of a sudden a voice spoke to them and asked if it was really her, and she realized that the OnStar folk had been listening in and recognized her voice. She hadn't realized that they could/would do that. Neither had I, until she told that story.
Attention zealots and haters: 00100 00100
Who wants to have this feature if the vehicle will keep on breaking down? And of late, getting GMC to "own" problems with its vehicles has not been easy at all! Contrast that with Toyota, who say [juat like the Samba Team], something to the effect that..."A disfunctional Toyota is their responsibility..."
Anyone who has ever owned a GM vehicle knows that a system which only tells you once a month to take your car into the shop is not checking often enough.
Onstar is easy to disable (pull a fuse) and doing so has no ill effects as far as I can tell from first-hand experience. Once the fuse was reinstalled the system continued to function as before. A description of which fuse must be pulled can be found here:
/ pp4/pp4pg2.html
http://www.hypertech-inc.com/install_instructions
From the linked article (bold emphasis mine):
From the images on the linked page, the cellular antenna appears to be mounted at the top-rear of the vehicle.
A friend of mine has a Toyota MR2. Recently he returned to his car from a walk and found that somebody had triggered the airbags (probably) by fiddling with an accelerometer.
Funny thing is, all the doors were unlocked. It turns out that when the airbags fire the doors unlock, and you can fire airbags by physically hitting the accelerometer, and possibly by shorting a contact.
So is this an easy way of unlocking the doors of a car? Sounds a bit insecure to me.
http://michaelsmith.id.au
The OnStar system interfaces to the data bus of the various computer modules in the car. What this is actually doing is what's often called "reading the trouble codes".
It's the same thing you can do with a $50 tool from AutoZone. Any time a problem is detected by the computer, it throws up a code. Some of these codes cause the SES light to come on, some don't. An ODBII scanner plugs in behind the dash and reads these codes from the computer modules, then displays them. Usually in a nicer to read format.
That's all this is doing. They call the OnStar system in the car, tell it to read the codes, and send it back to them. While it's possible for them to send other commands, there's really not much in it for them to do so. You can do some unusual things via that interface (I could have endless fun sticking your car into diagnostic mode and triggering the windshield wipers to run a test cycle), but you can't get back a whole lot of information that they don't already have. VIN, info on the car components, maybe miles travelled and such, but nothing that I would consider crucial to "privacy".
You could figure out MPG and average speed, but hell, I speed all the time and my computer system says my average is only around 40-ish. Instantaneous speed couldn't be gotten from the car via this interface.
Of course, they don't need the car to get that info. OnStar systems have a GPS built in, and that will give them instantaneous speed. But that doesn't require them talking to the car to do it.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Leather seats, check.
CD Stacker, check.
Driver's side airbag, check.
Tinfoil car-seat covers, check.
Let's roll.
Indy Media Watch-Proctologist of the Internet
Yes, but can they remotely deploy the airbags?
Now THATS a feature I'd pay for!
"Hello, this is On Star customer service, how may I help you?"
"Yes, my car has been carjacked, can we remotely deploy the airbags?"
"Sure, hold on..."
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
...you can always buy one of the 200 or so car models that GM doesn't make.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
so long as there's a reliable opt-out I'm not going to be critical.
Since when is it okay for there to be an opt-out? What happened to OPTING IN!?
Next people will be saying "as long as the fee for opting out is reasonable I'm not going to be critical."
I'd personally much prefer opt-ins to opt-outs. Especially when my privacy is an issue. However this certainly won't be an issue for me, as I'm not planning on buying a brand new car anytime soon.
That, my friend, would violate the Magnusson-Moss Act, which is the same law that permits you to maintain your own car (or have Dingbat Lube do it) without violating the warranty.
Scenario 1: I'm at the front seat, parked in front of my son's school. Truck with brake problems comes down the street, hits me frontally. I just unfastened the seat belt, turned the engine off. The air bag can be of help here.
Scenario 2: (continuing) The air bag protected my head and torso, but both my legs were broken. The car was still locked when the truck hit me. People on the street are trying to get me out of the car as fast as they can.
Yes, those are worse-case scenarios, but the risk of car theft is less important than the risk of loss-of-life.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
That would be buying the optional subscription service.
I'd personally much prefer opt-ins to opt-outs.
In general I tend to agree. However, there are definite times and places where opt-outs are more appropriate. For example, long, long time ago I was once a resident advisor in college - I was responsible for helping out the other students on the floor, that people followed the community rules, and providing information. My first year, I established an email list to facilitate with communication. That year the email list was opt-in and only a small handfull of individuals signed up (~5 or so out of 100). Everyone kept saying that they'd sign up and several asked why they didn't get emails, it's just that they kept forgetting to actually sign up. The following years I automatically signed everyone up and offered an opt-out option. Only one person opted out, and he rejoined after a month. The listserv was one of the best things that ever happened to the floor as it greatly enhanced communication between the members of the floor.
I vastly prefer opt-in options as I think many businesses abuse (and ignore) their opt-out clause. Sometimes, however, the opt-out philosophy is the way to go.
Month ago someone told me a crazy story about how they came upon a wreck scene and called OnStar and the OnStar op could see the wreck scene. I knew it was BS, but this person attested so vehemently that it was truth I decided to get to the bottom of it. I discussed it among friends, and eventually the question evolved in wondering if OnStar could see you nicturating if you pulled over on the side of a deserted road, that is, "Can OnStar see you peeing?" After some websearching leading nowhere I eventually decided to ask OnStar themselves. I concocted a false identity and made my request sound like it was written by a young girl. Here's the email I sent and the reply (note that all the circumstances I lay out are as the person actually described it to me):
- -8<---8<
- --8<---8<---8
---8<---8<---8<---8<---8<---8<---8<---8<-
--Original Message--
From: XXXXXXX@yahoo.com
Date: 11/22/04
To: contactus@onstar.com
Subject: Question[#107500]
Are you a current OnStar subscriber? : No
OnStar Account Number:
Name: Lisa Xxxxxxxxx
Email Address: psykeri@yahoo.com
Address: 762 Mattamuskeet Road
City: Hampton
State: Virginia
Zip/Postal Code: 23666
Daytime Phone:
Evening Phone:
Message: hi, I was just curious... my aunt went on a car trip last week... she
has a 2004 Cadilac with onstar. anyways, she says she came up to a wreck scene
on the side of the road. a car was upside down in a ditch full of water, no
other cars were there, so it had just happened. my aunt says she called the onstar
people and the onstar person said that there was a person thrown out of the
wrecked car, and said they were lying in the ditch on the other side of the road,
so my aunt looked and there they were! then later, when a rescuer was trying to
get a baby seat out of the wrecked car in the ditch, he fell over backwards in
the water. my aunt says the onstar person asked who was that that just fell
down? my question is can onstar really see what's happenenig like this? can yall
look in on a crash scene somehow and see what's there? thank you -Lisa
Receive periodic e-mail from OnStar? Yes
--Reply Message--
Date: Wed, 24 Nov 2004 13:40:18 -0800
From: "contactus" <contactus@onstar.com>
Subject: RE:Question [#107500]
To: XXXXXXX@yahoo.com
Dear Ms. Xxxxxxxx,
Thank you for taking the time to e-mail OnStar.
It sounds like your aunt my be "pulling your leg." OnStar does not have the
capability to physically see inside a vehicle or any other location. Even if
this capability was available, OnStar would not disclose such information.
If you have any other concerns, please feel free to contact the OnStar Customer
Care Department at 1-888-4ONSTAR (1-888-466-7827), prompt 4, between the hours
of 6am and 1am EST.
Sincerely,
Krista
OnStar Information Specialist
---8<---8<---8<---8<---8<---8<---8<
So there you have it. OnStar can't see you peeing, and if they could, they wouldn't tell you.
"I just purchased a new GM car (a Hummer, if you must know) last weekend." (emphasis mine)
No, I didn't need to know that you bought a Hummer.
But now that I do know, can Onstar call you to tell you when you're near a cheap gas station?
When you drive to the grocery store, will OnStar call to tell you that you're driving an inefficient hunk of metal, and should have taken the sedan for your errands instead?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
OnStar was originally envisioned to use something other than cellular to handle the communications (I think it was microwave towers or something like that). It was proposed by some aerospace/telecom company that GM bought. Early in the design process it was switched over to a cellular system, but, at least in the generations that I worked with, it had a lot of limitations. (And not just bad cellular reception.)
The first and second generation systems (the latest I worked with), could not get information from the car and speak to the customer at the same time (most likely this is still true, since there's only one cell phone per vehicle). Basically, when a call is connected, while the nifty little message is playing in the car saying that it is connecting, it connects to the call center in data mode (just a modem installed with the phone) and lets the center know the state of the vehicle, which for a normal customer call is the location of the car, whether your lights are on, state of the locks, etc. Then the phone switches over to voice mode (which is a line transfer at the call center) and the "This is Bob at OnStar, how may I help you?" speel starts. If the airbag deploys, the car calls by itself and Bob's message is different, but otherwise things stay the same technically.
Of course, this means that anytime you need something done in the car while the OnStar agent is speaking to you through the car, you get put on hold. Generally, this isn't a problem, since if you need your car unlocked or something, you're probably outside of your car (I think you do get put on hold anyway as the data call is placed). The problem comes in when you're trying to get directions to somewhere. The car can only transfer your location when in data mode. So if you're driving down the highway at 75 mph and you missed the exit you were told to turn at by Bob, Bob still only knows your location when the call was first made, not where you are at that moment.
Though the using the cell phone to actually make voice calls was just being tested when I left (at least through a voice recognition system so you wouldn't have to talk to an agent), basically all the calls go through the same call center and are then connected to the requested number. You'll notice that GM vehicles don't have a numeric keypad in them; the cell phone in the car can only call one place, so it would be pretty easy (as another post spoke about) for a OnStar agent to listen in.
Also, the hardware in the car has hooks really, really deep into the system. An OnStar agent has a special demo mode they can go into to show it off at dealships where they honk the horn, flash the lights, unlock the doors, etc. What they don't tell you is that the hardware also has hooks into the ignition system. When I worked there, there wasn't any way for the desktop software to actually start or stop the engine, but the hardware is there. I'm not really fond of the thought of some call center employee shutting off my engine while I'm on the highway, but the potential is there.
As other people have suspected, when the call center connects to your car, there isn't any warning. I think this was originally intended to get the cars location, etc. if the car was stolen, but there's no reason that it's limited to that alone. In fact, I heard stories from the call center about a guy calling OnStar to locate his car and finding it in the middle of a corn field with his wife and her lover in it.
Be glad life is unfair, otherwise we'd deserve all this.
Unless you're Belgian, in which case you just drive as if you're the only vehicle on the road anyway. Thus, you never look at the mirror because anything you'd see in it 1) is static 2) is behind you and 3) you've already missed it, by some miracle.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
okay folks repeat after me. ON-star is a service the user signs up and pays for. it is not forced on you. there are no privacy issues,
FALSE
OnStar is both a package of remote telematics equipment included in the base configuration of many GM vehicles AND a subscription service that makes use of the remote telematics equipment.
Here's the key part - even if you do not subscribe, the equipment is still in the car and functional. It can be turned on at a moments notice without the consent or even knowledge of the vehicle's owner.
GM has publically promised to include the OnStar equipment in the base configuration of ALL GM vehicles within a few years.
If you do not understand how such a system can enable extreme abuses of privacy, you must have been living in a cave for the last 200 years.
When information is power, privacy is freedom.
Here's a link to a CNET article about the FBI using OnStar to listen to people: http://news.com.com/2100-1029-5109435.html
According to the article, they can't do it anymore (as of 11/2003), although that may have changed since, I have not researched it heavily.
Regardless of what the FBI legally can or can't do, I'm willing to bet that some bored OnStar employees listen in for entertainment. Even if you believe they don't, this proves the capability to activate your mic and listen to you without your knowledge exists, so I would suggest that from a privacy POV it must be considered a threat.
"The crows seemed to be calling his name, thought Caw."