Essay: Social Engineering Issues in Telematics/OnStar

Essay: Social Engineering Issues in Telematics/OnStar
13/04/2011 Comments Off on Essay: Social Engineering Issues in Telematics/OnStar Academic Papers on Information Technology,Sample Academic Papers admin

Sample Essay

Like any other service, Telematics or more precisely OnStar can also suffer from social engineering issues. This is because of the reason that at many times, the services provided by OnStar cannot be achieved through the vehicle’s onboard device. A number social engineering techniques can be used by an attacker to gain confidential information from an OnStar subscriber, similar to the way it can be obtained in other services In addition to its wireless services, .OnStar provides a telephone hotlines service as well to its subscriber in cases where the OnStar system installed in the vehicle is not accessible (such as remote unlocking or remote flashing of lights).

However, using this service to prove his identity and gain faith of the subscriber, an attacker claiming to be an OnStar advisor, can deceive a valid subscriber into providing confidential information.  Furthermore, the subscribers of OnStar also receive a number of emails regarding a number of issues such as vehicles diagnostics as well as account maintenance. One of the major issues while receiving such emails is that many of the OnStar subscribers are not adequately IT literate and thus do not check for the authenticity of the email. Hence, this vulnerability can also be exploited by social engineering through Phishing emails which could lead subscriber into believing that the email is from an authentic source and thus can make them provide their private information via email.  Another example of how OnStar subscriber can be social engineered is Phishing through website. The OnStar websites accepts subscription payment for its services directly so that its subscribers that they are able to renew their subscription online as well. However, an attacker can trick a subscriber by creating a similar site and process while posing as a valid OnStar partner, which can entice the subscriber into using the website for subscription renewal, transferring the money to the attacker instead of OnStar. Another modification of Phishing is the use of email claiming to be from OnStar to force the subscriber to contact an Interactive Voice Recording (IVR) system. This technique is considered more reliable by social engineers, since it is the subscriber who tries to contact the IVR creating less suspicion about it. The attacker sets up the IVR such that it gives an authentic presence but continuously denies the attempts of passwords or pin numbers entered by the subscriber so that multiple PINs or password can be obtained. The attacker can obtain further information from the subscriber by directing the call from the IVR then. Though Telematics technology itself does not play a part in creating social engineering issues, some of which have been highlighted above, however,  the additional services which complements it can be used for exploitation  and thus indirectly create such issues for Telematics services (Security Focus, 2001).

Please go to the order form to order essays, research papers, term papers, thesis, dissertation, case study, assignments on this essay topic.

Related Essays, Research Papers, Term Papers, Thesis, Dissertation, Case Study, Assignments entries.


About The Academic Paper