Disgruntled Hacker [Debt Collector] Disables More Than 100 Cars Remotely

Pay Technology's Webtech Plus

Cleveland-based Pay Technologies is a company that sells hidden wireless black boxes that allow car dealers to remotely disable a car’s ignition, or trigger the horn to begin honking, as a not-so-gentle reminder that a payment is due. The Webtech Plus responds to commands issued through a central website, and relayed over a wireless pager network.

A car dealer in Austin Texas began receiving complaints from hundreds of stranded customers late last month. According to the dealership's manager, the complaints stopped several days later, when he reset all the Webtech Plus employee passwords. Then police obtained access logs from Pay Technologies, and traced an IP address to a former employee. Police say he hacked into the dealership's computer system to deactivate the starters on the cars and set off their horns.

To call the suspect a "hacker" is really an insult to hackers. On the other hand, anyone who's ever spoken with a debt collector probably isn't very surprised by allegations of unethical behavior.

According to the dealership, the employee's account had been closed when he was terminated last month, but they allege he got in through another employee’s account. They claim he was working his way alphabetically through a database of all 1,100 customers whose cars were equipped with the device.

How Google might know what you did last summer -- even if you forgot.

Google Latitude is a service that allows users to see and share their location on a Google map live and in real-time. The service runs on most smart-phones, regardless of service provider, including Apple's iPhone, Windows Mobile, the Palm Pre, and, of course, Google's Android. Latitude relies on a combination of GPS, cellular tower triangulation, and wi-fi triangulation. Having brushed-up on the service for a recent National Public Radio (NPR) Interview, I have since considered Latitude one-part creepy, and two-parts cool. However, the creepy / cool ratio may be shifting.

This week Google introduced a new and improved Google Latitude -- with enhanced features like "Location History".  With Location History Latitude users can go back in time retrace their footsteps, and even see where they stayed-put, and for how long. Kind of cool...yet, very creepy. But practical?

Imagine, for example, you're the owner of a Palm Pre on Sprint's 3G Now Network , having trouble remembering where your were when you told your spouse you were somewhere else? Now, there's a map for that!

But wait -- there's more! How about "Location Alerts"? Certainly, a application that would alert you when a particular individual, say a family member, has left work or school, would be very practical. After a while of being alerted every time someone is, or has arrived, exactly where you would expect them to be, however, could get old. So, Google's geniuses stepped it up a notch. According to Google, Latitude will learn user's patterns and behavior so that alerts can be issued when a person has strayed from their routine -- left at a different time, or arrived at a different place.

For example, if you decide to  staycation with your mistress, you can receive a handy alert when your spouse leaves the office earlier than usual. Or, if traffic is particularly light, Latitude will let you know when it's time for a quick window-exit.

Best of all, when the jig is up, no one has to know, because -- for now -- Google is making all these free services available to you, and no one else... at least, without subpoena powers.

This is deception... on the Now Network.

Recently, I had a wonderful opportunity to play a game of hi-tech "phone tag" on the streets of San Francisco with Reporter Martin Kaste from NPR's "All Things Considered". Late last Summer I was  asked if I would be willing to sit down for an interview for a story he was researching about location privacy. But, instead of agreeing to meet Kaste, I told him he had to find me.

With the aid of his GPS-equipped smart-phone, some software, a little patience, and a good pair of walking shoes, he was able to "tag" me sipping a latte outside a coffee shop on Market St. Of course, with my own GPS, and software-equipped smart-phone, I was able to see him coming. What follows are the fruits of that encounter:

Digital Bread Crumbs: Following Your Cell Phone Trail

Jeff Fischbach is a little bit like those guys in The Matrix — when he puts on his shades and looks at the world, he sees data.

Walking down the street in San Francisco, he points out all the devices that record people's comings and goings: digital parking meters, apartment intercom systems, digital security cameras...

Audio and transcript: http://www.npr.org/templates/story/story.php?storyId=114241860&ft=1&f=1019

It's rare that I clap for [watch] TV commercials. But Verizon just took AT&T to the mat -- er, map.

Technically, this is off-topic, but I think I can apply a little broad discretion when it comes to bad data -- That is, the data that every U.S. cell phone company uses to claim to be the best.

I know I spend a lot of time picking on Apple -- especially the the iPhone. But when something falls just short of great, it leaves room for criticism. That, however, doesn't describe Apple's choice of service partner. Verizon customers love their coverage. T-Mobile customers love their customer service. Sprint customers love their features (and free 3G roaming to Verizon). AT&T customers love their iPhones, and tolerate their service. Now Verizon is taking them to the map.

Watch and see what I mean.

Hey, Verizon customers -- ever get tired of having "The Network" following you around everywhere you go? It's such a hassle, especially when you have to use the restroom, or spend some "alone time" with your significant other.

Well, Sprint's Palm prē has you covered. Palm's latest smart phone is so smart, the network can find YOU -- ANY TIME THEY WANT!

INFORMATION SENT TO PALM: { "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

The news was released on Joey Hess' blog. Hess, a programmer, noticed a log file on his Palm prē was being sent to http://ps.palmws.com on a daily basis. Among other things, the log file contained his GPS coordinates (in this case, his home address) in the form of longitude and latitude. This information is derived from the built in GPS common to most cellular telephones on the market today.

In addition to his location, the log file also recorded the name of every application he used, when, and for how long.

Although there has been some speculation that this information is only recorded when the device crashes, Hess has shown that, even though Palm's WebOS makes a record of device crashes, this is supplemental to the daily GPS location, and usage-tracking that is sent to Palm every day. (All of which, for now, he has disabled by hacking a file in the operating system.)

Palm's response to this shocking revelation?

RTPP: Read The Privacy Policy. In a statement released by Palm, "Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer's information, all toward a goal of offering a great user experience."

In preparation for this posting, I read Palm's Privacy Policy (08-13-2009). Focusing strictly on users' private location data, the only mention of  location-based information being collected and transmitted is as follows:

"When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience."

This policy specifically addresses use of this data when "provid[ing] location-based and related services". That does not explain why they are collecting and transmitting GPS data as part of a daily log.

Frankly, I have some issues with Palm's right to this data, even if it has been disclosed. Although, arguably, Sprint has to process this data through their network to provide service to it's customers, Palm sells hardware and software, not network service, or even traffic and directions. As an individual who collects and analyzes similar data for criminal cases on a daily basis, I see no justification in Palm's Policy, or in terms of the way the equipment operates, for the transmittal of location-specific data to their company.

Read more @ InformationWeek (http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=219300120)

{ "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

"Open the pod bay doors, HAL."

"I'm sorry, Dave. I'm afraid I can't do that"

"Dave... I know that you and Frank were planning to disconnect me, and I'm afraid that's something I cannot allow to happen."

"Just what do you think you're doing, Dave? Dave..."

Whenever we're looking for creepy gadgetry, Apple is always a good place to start. Apple insider noticed this U.S. Patent filing yesterday for a "Consumer Abuse Detection System and Method". Of course, some might argue that, if you're looking for "consumer abuse", look no further than Apple's partner AT&T Wireless. In this case, however, the technology is designed to detect abuse by consumers, no of them.

According to the patent, Apple has devised "a system for detecting the occurrence of a consumer abuse event and storing a record of the event...[T]he system may include one or more sensors for detecting the occurrence of a consumer abuse event. Consumer abuse may include exposing the electronic device to liquids, extreme temperatures, excessive shock, and may also include tampering with the device in a manner not related to normal operation of the device...the abuse detection circuitry may be configured to disable operation of an electronic device upon detecting the occurrence of a consumer abuse event, for example, by disabling power to the device."

Mind you, Apple is no stranger to "Consumer Abuse"--or, at least, it's products aren't. There was, of course, the exploding Powerbook that triggered the recall of 1.8 million laptops. And, the defective Nanos that were reported to have caused three fires in Japan. And, the overheating iPhone 3GS. But, this also isn't the first time Apple has introduced self-preservation technology (see Isaac Asimov's third law) into one of it's products. Current iPhones and MacBooks already have "Liquid Immersion Detectors" built-in.

"Just what do you think you're doing, Dave? Dave, I really think I'm entitled to an answer to that question."

Via AppleInsider (http://www.appleinsider.com/articles/09/08/06/apple_working_on_device_abuse_detection_technology.html)

Black Hawk County, Iowa has become the first in the nation to start accepting text messages sent to 911.

For now, the service only works for T-Mobile customers, and only those in the Black Hawk County area. Also, the physical hardware and software does not allow emergency operators to automatically locate callers, like they can using the E-911 (Enhanced-911) capabilities of most cellular and POTS (Plain Old Telephone Service) lines--so dial-access is still the way to go for most people, in most circumstances. But, for those with physical impairments (all-thumbs?), or even temporary physical restraints (think hiding under a desk during an armed robbery), this could literally be a life-saver.

"Texting" has another advantage: it tends work where and when voice calls often can't, and requires very little battery life. Even stranded outside coverage area with a near-depleted battery, a text message is far more likely to "connect" than a voice call, and doesn't require a sustained signal to get the point across. Which, coincidentally, makes T-Mobile customers good candidates for the service.

Unfortunately, it's probably not going to do anything for response times, or T-Mobile's subscriber numbers. But, if it saves just one subscriber's life, that could make it all worthwhile--at least for T-Mobiles stockholders.

Via AP (http://www.google.com/hostednews/ap/article/ALeqM5jQRysLdp0it9uIqDi_ytuMGxpotAD99ST5RG1)

If I've said it once, I've said it a thousand times:the iPhone will be the downfall of modern civilization as we know it.And, not just because it promotes that crazy Rock music that's all the rage with those teen-aged Greasers in their high-tops and leather jackets. It's much worse than that, says Apple. It could even promote drug trafficking.

According to Apple, "each iPhone contains a unique Exclusive Chip Identification (ECID) number that identifies the phone to the cell tower. With access to the BBP via jailbreaking, hackers may be able to change the ECID, which in turn can enable phone calls to be made anonymously (this would be desirable to drug dealers, for example...". That's a lot of acronyms that seem to suggest that, allowing users to change their ECID via the BBP could leave us all SOL, FUBAR, and possibly DOA.

But, it gets worse: "More pernicious forms of activity may also be enabled. For example, a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data. In short, taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer – to potentially catastrophic result. The technological protection measures were designed into the iPhone precisely to prevent these kinds of pernicious activities..."

Though this makes no sense, whatsoever, to most people, the use of the word "pernicious" twice in the same paragraph should be very very frightening to anyone who knows the definition. (Pernicious [\pər-ˈni-shəs\] : highly injurious or destructive : deadly)

The co-founders of Apple changed the world by soldering parts together in their garages. If they say it's going to end, we might want to take them seriously. It seems to me that the message is clear: Fight the iPhone hacking, drug-dealing, bandwidth-hogging hippies over there, or we'll have to fight them over here in our own backyards.

Is there an app for that?

Don't believe me? Read more @ Wired (http://www.wired.com/threatlevel/2009/07/jailbreak/)

Though, not strictly on-topic: I got a call today from my cellular telephone company offering to lower my monthly rate, plus add 500 shared minutes, plus unlimited messaging, free call forwarding (they were charging for call forwarding?!), and add unlimited data* (notice the asterisk) to the line that didn't have data, all for a few bucks less than I was already paying--and, no contract extension!

So, what's the catch?

I spent 2 hours on the phone, and researching online. I was skeptical, accusatory--even a little rude, at times. I just couldn't find anything wrong with the deal...unitl, I got to that pesky asterisk (*). (Not that I could actually see an asterisk, since the cell phone companies seem to have adopted the most liberal interpretation of an oral contract. Even Kim Basinger had to "shake on it".)

When I finally agreed that there was, apparently, nothing wrong with the offer, I asked for a "read-back" of the details. When she got to the "unlimited data", she paused and said, "well, you know, 5G's, or something like that. I mean, that's basically unlimited, right". (Insert screeching-brake sound effect here.)

I asked her to check my data usage history, and found that, when I'm traveling, I tend to go well over 5 Gigabytes of monthly usage on my current--actual--unlimited plan. Mind you, this may not be typical for all subscribers. After all, occasionally, I like to stream a little television from my smart-phone via a video adapter cable to the TV in my hotel room. And, though I won't admit to hacking my phone and unlocking its tethering capability, I could--if I wanted to. I also won't admit to broadcasting said broadband via wi-fi for a room full of people to use as an impromptu hot-spot, I could do that too--if I wanted to.

Finally, I could see why I was receiving the call. This was a Trojan Horse. An opportunity to blind a customer with pretty bauble's, as not to notice his fortress was being raided for all it's precious and truly unlimited bounty. I wasn't buyin' what she was sellin'.

Suffice it to say, a little haggling later (and, probably a little more rudeness), I kept my unlimited broadband, and lowered my cell phone bill.

Moral of the story: When a service is in abundant supply--in this case cellular providers--it's a buyers market. Now, if someone would just flood the market with physicians.

John Hargrave likes to make a point--LOUD and CLEAR. With a megaphone, in this case. He wants to know why ANYONE can get access to ANYONE's private cellular telephone account records. (See this Washington Post article for more information.) So, he didn't just ask anyone. He signed up for a web site offering "free cellphone records", and used the data he gathered to pay a visit to the home of Verizon CEO Ivan Seidenberg--with a megaphone.

Verizon, as you may recall, is the company that once offered it's customers 45 days to opt-out of "agreeing" to let them share personal account data with "affiliates, agents and parent companies".

Check it out:

Via Gizmodo and Zug.com.