funsec mailing list archives

Re: Onstar - throwing the baby out with the bath water


From: <Blanchard_Michael () emc com>
Date: Wed, 25 Nov 2009 14:48:20 -0500


 Sounds like the fire dept was there on site, but asked to try and have OnStar unlock the car before they break the 
window or something like that.

 OnStar is touted as a theft recovery item too, but a quick cut of the OnStar antenna and no location available.  A 
quick unplug of the *really* easy to find OnStar box and no location, no recovery. 

   I had my new 2003 Avalanche stolen a few years back in Montreal Canada, got on the phone with OnStar and they had 
zero signal from the truck.  I was lucky and got the truck back just as it was being loaded onto a container ship going 
overseas, thanks to a Boomerang system (intl LoJack) in another Caddy Escalade that was also being loaded into the same 
container.
   When I examined the truck after a HUGE hassle getting it over the border back to Mass, the thieves simply unplugged 
OnStar and away they went....

  OnStar is fine if you keep your subscription up and get into an accident or lock your keys in, but not much else.

  I've also always wondered... That Emergency button, isn't that equivalent to dialling 911?  Is that button still 
active even if your subscription to OnStar has expired?  

 Mike B


Michael P. Blanchard 
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Chris Boyd
Sent: Wednesday, November 18, 2009 4:28 PM
To: funsec
Subject: Re: [funsec] Onstar - throwing the baby out with the bath water


On Nov 18, 2009, at 12:25 PM, Alex Eckelberry wrote:

I'm not so sure.  While I empathize with the mother, Onstar does have a
point--they can't reactivate the Onstar system without someone pressing
the "Blue button".  

A software design/architecture issue, which could undoubtedly be fixed
going forward. 

Yes, they will probably be looking at changing that.  Which opens another can of worms.  How do you know the caller's not 
just trying to steal the car or something from the car?  Stolen Visa card + access to DMV registration records + OnStar 
= access to any car in the mall parking lot.

From the report:

Tampa Police, Hillsborough County Fire Rescue, and Triple AAA had responded, but asked them to reach out to OnStar 
first.

Since when does having OnStar mean that the fire/police won't respond?  I can understand if they were busy with higher 
priority life threatening issues.  I can understand if they wanted to resolve the situation as quickly as possible, and 
OnStar could do that at a lower cost to the jurisdiction.  Would be nice if ABCActionNews had gone into more depth 
there....

But AAA?  Aren't they _paid_ to respond?

--Chris
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

