Should OnStar Shut Your Car Down?
There has been quite a commotion over at Slashdot about General Motors' plan to "install OnStar systems on almost 1.7 million 2009-model cars." It seems our friends at GM plan to incorporate a "feature" which will allow "law enforcement (or anyone who cracks the system) to remotely shut down vehicles." And Lauren Weinstein writes, "Ready to turn over the keys of your vehicle to the cops, or that clever hacker in the next lane? How about that creepy guy following you on a lonely country road?"
These are good points. But so is the point made by the Cal Highway Patrol Deputy Commissioner, Joe Farrow, that about 15 percent of the pursuits are at speeds of 90 miles per hour and greater, and that, "There are some high-speed chases that we have out here that we'd like to bring to a halt." You don't have to be a rocket scientist to figure out that this stuff is dangerous, and as the AP story where Farrow is quoted points out, 404 people were killed in the US last year in high speed police pursuits.
Clearly, there is a balancing act here. We, the public, need to balance the number of injuries and deaths to be prevented by installing OnStar against the certainty that those nasty folks at evil.wicked.hackers.org will try, and for a time succeed, in hacking the OnStar system.
One way to do this balancing would be to demand public hearings in states like California on this issue. And the computer security community needs to be prepared to provide timely and accurate input. Perhaps we should ask the people over at The Shmoo Group, the people who gave us AirSnort and exposed just how vulnerable the WEP encryption scheme is, to try to hack into OnStar just to find out how easy or hard it is to do.
We need some data here folks! This is too important an issue to leave to GM (or slashdot). And GM, if legitimate security researchers need your exalted permission to hack OnStar, you need to be prepared to give it.
The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.
--Chip Neville
No comments:
Post a Comment