On Beyond Zebra

This article in Wired considers the vulnerabilities of supposedly theft-proof electronic systems. Turns out there are “back-doors” in some of these technologies.

He called an acquaintance who worked at a Honda dealership. I listened, awestruck, as Montes fed the guy a barely credible story about a cousin who had dropped his keys down a sewer. The dealership employee was at home but evidently could access the Honda database online. I gave Honky’s VIN to Montes, who passed it along to his friend. We soon had the prescribed sequence of pulls, which I scribbled down in my notebook.

I walked outside and approached Honky. The door lock would have been easy – a thief would have used a jiggle key, and a stranded motorist would have had a locksmith cut a fresh one. I just wrapped the grip of my key in tinfoil to jam the transponder. The key still fit, but it no longer started the car.

Then I grabbed the emergency brake handle between the front seats and performed the specific series of pumps, interspersed with rotations of the ignition between the On and Start positions. After my second attempt, Honky’s hybrid engine awoke with its customary whisper.

The story is interesting on many levels, but I was really taken by the interface to this back door. Our user model for automobile controls sees the different systems as entirely separate. Who knew the emergency brake could talk to the ignition?

I have always loved the idea of neat little tricks: unexpected ways of interacting with something, outside of the fixed rules of how you’re supposed to use it. It’s not so much the idea of unauthorized access, but simply the secret Toontown world that lurks beyond the mundane and familiar. I remember during the dial telephone era there was a way to get your own phone to ring back (it may have worked with tone, but I remember it as a dial hack): dial 57 and the last 5 digits (or something) and then hang up, or hang up twice in succession, and the phone would ring. Great for messing with family members or when visiting someone else’s house.

The outcome was fun, but I’ll emphasize that much of the pleasure came from this possibility of navigating cleverly outside the interaction flow of receiver/dial tone/dialing/ringing/other party answering.

Sure, we’ve got Google hacks nowadays where there are oodles of hidden functions, but it’s basically a command-line interface that reads more codes than you know about. So what? Isn’t that what Unix was? The delight (and I’m not talking about usefulness, just the fun and discovery) comes from the rupturing of the interaction model and the seemingly irrelevant actions leading to some new effect.

I don’t need anyone to reveal security vulnerabilities, but I’d be curious to hear about any favorite back doors!

