Single Point of Failure, Illustrated
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
So let me get this right:
- Any one person with the right password can disable a Webtech Plus-equipped parked car, remotely. (The right thing to do is require at least two people to concur regarding drastic action.)
- The customers’ Constitutional rights against unreasonable search and seizure, and deprivation of property without due process, were clearly violated.
- Passwords were left in place after Mr. Ramos-Lopez’ employment was terminated.
- He wasn’t placed on a watch list within the company.
The company that sells Webtech Plus is Cleveland-based Pay Technologies. I hope the Ohio Attorney General catches wind of this; Pay Technologies deserves an investigation, for the first two bullet points above.
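The two-person concurrence and password-revocation points from the list above, sketched as an added example (not Webtech Plus or Pay Technologies code). The class, the operator names, the action names and the vehicle ID are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

DRASTIC = {"immobilize", "horn"}   # constructed action names
REQUIRED = 2                       # distinct active approvers for a drastic action

@dataclass
class Request:
    vehicle_id: str
    action: str
    approvals: set = field(default_factory=set)

class DualControlGate:
    def __init__(self, operators):
        self.active = set(operators)   # accounts currently allowed to act
        self.audit = []                # append-only record of decisions

    def deprovision(self, name):
        """Run at termination: the account can no longer request or approve."""
        self.active.discard(name)
        self.audit.append(("deprovisioned", name))

    def _require_active(self, name):
        if name not in self.active:
            self.audit.append(("denied", name))
            raise PermissionError(f"{name} is not an active operator")

    def open_request(self, requester, vehicle_id, action):
        self._require_active(requester)
        return Request(vehicle_id, action, {requester})

    def approve(self, req, approver):
        self._require_active(approver)
        req.approvals.add(approver)    # a set: approving twice counts once

    def execute(self, req):
        # Re-check at execution time so approvals from accounts revoked
        # after they approved are not counted.
        live = req.approvals & self.active
        needed = REQUIRED if req.action in DRASTIC else 1
        allowed = len(live) >= needed
        self.audit.append(("executed" if allowed else "blocked",
                           req.vehicle_id, req.action, sorted(live)))
        return allowed

def demo():
    gate = DualControlGate(["alice", "bob", "former_employee"])
    gate.deprovision("former_employee")
    req = gate.open_request("alice", "VIN-TEST-0001", "immobilize")
    alone = gate.execute(req)          # one approver: blocked
    gate.approve(req, "bob")
    return alone, gate.execute(req)    # second approver: allowed
```

The audit list records denied and blocked attempts as well as executed ones, which gives a reviewer the trail that a single shared password cannot.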
Given the ongoing parade of corporate abuses against their customers, people are starting to wake up to the dangers of centralized records. Motorola went on an anti-privacy kick a few years ago; now GE is on their Healthymagination campaign. Their commercial even shows how creepy it is that so many people can have access to the intimate details of a patient’s history via a single access point.
Or take, for example, Ubisoft’s awful requirement that an Assassin’s Creed 2 player have a constant Internet connection to their authentication server, just to play a single-player game. What happens when their server goes kaput? Those abiding by the rules are left out in the cold. Never mind that the cracked copies of AC2 would still play just fine.
I can’t forget cloud computing, can I? The only way that won’t turn into a security nightmare is when we each own our separate clouds. Microsoft, Apple, and Google are certainly not to be trusted with our private data; I have no sympathy for anyone whose privacy is compromised by misplaced trust.
“A single access point,” or rather, “a single point of failure.” The sooner tech companies realize the former implies the latter, the better off we’ll all be.