Chevy Bolt EV Forum banner

1 - 20 of 22 Posts

·
Registered
Joined
·
624 Posts
Discussion Starter #1
i found out yesterday, when trying to use my iphone with siri and carplay -

a couple weeks ago, i pulled the fuse to disable onstar, because i really don't want them monitoring me all the time. i tried to ask siri to read my text messages, and the mic doesn't register any sound.

put the fuse back in, and it works again. take the fuse out, it doesn't.

not cool, GM.
 

·
Registered
Joined
·
220 Posts
It may be necessary on this car to replace the antenna connection for both cellular (and optionally GPS) in the shark fin with a 50 ohm dummy load to maintain full functionality of the infotainment system without the risks of putting your car on a network in this case. I mention GPS because it very well could be data logged and collected during dealer service or potentially during DC fast charging as that is also a networked activity - merely delaying the tracking intrusion rather than eliminating it. Alternatively a metallic shield installed over the fin might work for a quick and dirty solution if both system antennas are in that fin.

*Not sure where the Fob antenna is in this car either, going to have to pick up a service manual soon!
 

·
Registered
Joined
·
592 Posts
First thing I'd do is read up on their privacy policy. I'll make a bet they're not tracking you unless you opt in for that service. Reason is

  • It would cost money to do so
  • It wouldn't provide them with any big data advantage (e.g. Apple and particularly Google have far better geolocation information that they sell - or at least Google does, pretty sure Apple isn't in that game)
  • They don't have the infrastructure for such collection
  • They don't have the business support for such collection and sale
  • It would piss off their customers
  • Most importantly it's not part of their business model, they have no expertise in this business and are slowly coming to it
I mean really if you don't like even the possibility then why did you buy any OnStar equipped vehicle in the first place? And then get pissy because your precious voice control doesn't work anymore? Seriously guys.

What's richly ironic is that you're upset at OnStar - the most stodgy of the stodgy 'online' services, because when you disable it your Siri voice free doesn't work. Really? I mean, really?? Your phone is the biggest of the big brother tracking devices ever invented. Your service provider is obligated via FISA to supply detailed tracking info on you, and if that wasn't enough they have their own 'dummy' cell towers to track you on their own. Messing with the physical car to 'protect your privacy' is the height of stupidity IMO.

Sorry for the rant but the illogic of this is too much.
 

·
Registered
Joined
·
220 Posts
I think the arguments are weak, professor. Data is valuable, both for sales and for internal development purposes, there is no reason to suspect a company with a network of automobiles wouldn't exploit that to its full advantage over time.

We already understand the threat model of cell phones quite well, and that can be addressed by each individual to their own specification. We don't have a full picture of the networked automobile, yet - which is why we should perform our own due diligence on this new data collection point in our lives.

Buying "non-networked" or non-Onstar autos is not going to be an option much longer for most or all major manufacturers, the hardware is too cheap and the opportunities too rich to ignore. Generally when I do pen testing I don't follow the third parties "privacy policy" I collect it all and exploit everything I can - the usual M.O. of any network intrusion.

Ignoring the risks will be the most common response for the average consumer, this is well understood by the manufacturers and "big brother" as it were - convenience trumps all. I prefer to do a shade more diligence on my part for my networked 3600 lb. missile due to my particular background, I find it interesting.
 

·
Registered
Joined
·
592 Posts
I think the arguments are weak, professor. Data is valuable, both for sales and for internal development purposes, there is no reason to suspect a company with a network of automobiles wouldn't exploit that to its full advantage over time.
OK, everybody has an opinion, for what it's worth I work in the business of exactly doing exactly this and related fields, and have some small expertise in the field. But maybe you're right, every scrap of data IS sacred

 

·
Registered
Joined
·
592 Posts
I'll also remind people that Chevy uses the OnStar remote diagnostics to detect issues with your car. In fact they did exactly this with the recent battery issue that affected 100 Bolt's, you know where the car would suddenly come to a stop.

"Through OnStar advanced diagnostics, we have identified the vehicles that could develop this condition over time and are contacting the affected customers to arrange for service."

But data collection "threat models" are always and everywhere a bad thing.

Sorry folks, I've had a bad week and not a lot of tolerance for silliness and ignorance, just ignore me.
 

·
Registered
Joined
·
4,796 Posts
What's richly ironic is that you're upset at OnStar - the most stodgy of the stodgy 'online' services, because when you disable it your Siri voice free doesn't work. Really? I mean, really?? Your phone is the biggest of the big brother tracking devices ever invented.
Yes, I completely agree that it's incredibly ironic. However he has a point - it's still better to reduce your data leakage even if you can't eliminate it. It's basically the same concept as the "attack surface area" of a computer system - you may not be able to plug all the holes but anything you can do to reduce it is a good thing.

But OnStar isn't something I'd be overly concerned with myself, though.
 

·
Registered
Joined
·
624 Posts
goodness, someone's <UNDERPANTS> are certainly tied in a knot around their <CAJONES>. [MOD EDIT for content and added humor]

I'll make a bet they're not tracking you unless you opt in for that service. Reason is blah blah blah
you'd be wrong.
https://www.wired.com/2011/09/onstar-tracks-you/

Your phone is the biggest of the big brother tracking devices ever invented. Your service provider is obligated via FISA to supply detailed tracking info on you, and if that wasn't enough they have their own 'dummy' cell towers to track you on their own. Messing with the physical car to 'protect your privacy' is the height of stupidity IMO.
cool, but apple specifically says that it doesn't sell your information to third parties, so that's kind of nice. unlike google, whose whole business model is selling your information.

https://www.apple.com/legal/privacy/en-ww/

i'm actually not pissy because my precious voice control does't work, i really don't care. i can just talk to my watch, which talks to my phone, and everything is fine. i just thought i'd put it out there in case anyone else runs into the same issue.

also, onstar is a gaping security orifice, and GM doesn't seem to care. so i'll just go ahead and disable it, if that's ok with you.

https://www.wired.com/2015/09/gm-took-5-years-fix-full-takeover-hack-millions-onstar-cars/
 

·
Registered
Joined
·
592 Posts
Again, apologies guys, my county mostly burned down this week and many of my friends lost their houses, I've had a bad one and am cranky. I'm probably touchy about OnStar because it saved my ass while I watched flames racing down a hill into my valley/house, with all the other refugees at 3AM. I might have been silly enough to try the defeat myself a few weeks ago because I tinker with stuff, I was probably really yelling at myself on this one.

BlackBolt, I work on the other side of it (in a way I guess), I'm one of the baddies making it easy to surveil. For good purposes, I believe, but I'll note that I also reduce my footprint (no social media accounts etc). Because I have an inkling of what's involved I also believe it's hopeless to meaningfully reduce your data leakage, other than not plastering yourself over the net in social media.

But the best ways to track us - anything with a 4G connection and GPS (which is continually tracked outside of GM's control and knowledge) are unfortunately also the services closest to our personal safety. I can faraday bag my phone, and test to verify it's bagged, but I don't because it's a personal/family safety issue. Likewise with OnStar, read my other thread if you want more on that subject.

Enough said.
 

·
Registered
Joined
·
134 Posts
I'd like to know how to get my voice command TO WORK at all; forget whether they're tracking me or not. I've had my Bolt three weeks now, but can't get it to dial up a call for me without me selecting a contact on the touch screen. In my previous car, a C-Max Energi, it was so easy to make voice activated calls using SYNC. I thought the Bolt would be a piece of cake since it has Apple Car Play and I have an Apple phone. Obviously I'm missing something, but I can't figure out what. I have paired my phone with car and blue tooth but it doesn't respond. And I don't understand On Star at all. They seem to be constantly trying to sell me some service, but what I have doesn't seem to function (unless of course their ability to track me).
 

·
Registered
Joined
·
592 Posts
I'd like to know how to get my voice command TO WORK at all; forget whether they're tracking me or not. I've had my Bolt three weeks now, but can't get it to dial up a call for me without me selecting a contact on the touch screen.
It's a little complicated depending on if you have the phone connected or not (I only have experience with iOS on the Bolt).

Phone USB
"Hey Siri" works about 80% of the time. Sometimes you have to try two or three times, other times it won't get it at all.

Phone BT
No Hey Siri I believe but you can place calls through the phone by pressing the call button on the wheel which will go through the phone

Phone connected either but you want OnStar
Press leftmost button on the headliner and navigate through that system


Now there's another mode I haven't figured out how to get to yet, which is you can use OnStar and import all your contacts into it from your phone, so both are connected. Then you have a nice OnStar specific contact list and you don't have to use the Tag approach, but I'm not sure how to activate that again.
 

·
Registered
Joined
·
134 Posts
Thanks Professor. So sorry about the horrible fire. I have friends there in the same predicament, evacuated to SF. Glad you are safe at least.

Hadn't thought about plugging phone into USB. That did work for me when I tested it just now, but as you say with great difficulty, repeating commands, etc. Plus phone tells me I have to enter pass code first. Not conducive to hands free--although I didn't think to voice pass code, so I'll try that next. After trying with USB I tried without, and this time it worked. Again with lots of repetition but didn't seem to need pass code. Pressing talk button on steering wheel activates voice command screen but nothing happens when I talk. All in all it is a pretty unsatisfactory system, not nearly as good as SYNC. If it's really necessary to make a call I can always fumble with my phone, oblivious to the oncoming telephone pole.
 

·
Premium Member
Joined
·
787 Posts
Note, to do “Siri eyes freei” using the voice control button on the steering wheel, you have to press and hold the button until the Siri prompt comes up. A momentary press tries to call up OnStar voice commands.
 

·
Registered
Joined
·
35 Posts
I realize this conversation is old, but for others looking into this: If you want to try partially disabling Onstar, I think the Onstar module is just behind the infotainment screen. (see images) You can access the plugs to the module by pulling out the glove box and looking towards the driver side. (see user manual) . It's hard to see all the plugs , but take a photo in there with your camera and you will find three. Which one is which I don't yet know. One of them presumably leads to the phone antenna.
There is a utube video about removing the whole unit, unplugging the antenna and replacing. but it's for a different car.
It looks like a real chore to remove the onstar module in the Bolt.
However unplugging the antenna elsewhere might work. probably the wire runs up the passenger side door jam.
but the actual picture (attached) I believe is the radio antenna wire.

oops As a newbie, I can't post links or pictures. but you can figure them out

utube. ___ /watch?v=KAbTy_jFcbc
auto<dot>howstuffworks<dot>com/onstar2.htm

images came from repairprocedurs<dot>com use the 2017 bolt service manual .. the
2018 is not searchable for some reason. look up

Roof Accessory Radio Antenna Cable Replacement
and
Communication Interface Module Bracket Replacement

good hunting.

Note for ProffesorBolta, If you find yourself tempted to help me understand the world better.
Save your time, I really don't need any of your advice. thanks anyway.
 

Attachments

·
Registered
Joined
·
1,106 Posts
Interesting old thread I hadn't seen before.

My take from a former IT guy with a mind for Information Security (InfoSec).

Assume that anyone and everyone who can collect data on you does, the real question is what do they do with that data after they've collected it and how securely do they keep it.

I won't get into what each company wants from your data and what they use it for, that's a different discussion, but suffice to say I don't believe that GM sells your data (in any remotely identifiable way anyways) and probably mostly uses it as a research tool for product design and marketing purposes.

I'm not an Apple user or fan but I regard their security to be well above the average, even if the main focus of that security is preventing their customers from doing what they want with the Apple products they purchased, the net result is pretty decent security of your data.

As for Google, their security is among the best, the biggest risk factor there is that as Google is such a big corporation with such a massive infrastructure and any security is only as strong as it's weakest link. Your 15GB of Google data is probably spread out and replicated over hundreds of servers/storage units across dozens of sites in several continents. The flip side of that is that anyone who wants to get at and do something with the data isn't dealing with finding a needle in a haystack they are dealing with finding and cataloging a whole lotta incomplete needles in a big stack of other incomplete needles.

One factor that a lot of people don't consider is Amazon, in addition to collecting and using your data if you're a customer (and I suspect a large majority of us are) there are a lot of companies who use Amazon's AWS cloud infrastructure to store and access their data on you. A major AWS breach could have serious consequences for billions of people.

As for GM and Onstar, based on by observations of the My Chevrolet app and web sites as well as the Maven app I do not rate their technical competence as very high at all. They can't even make a basic app that works well or reliably I don't think their security is likely to be thorough. An app as bad as My Chevrolet from a major corporation would have been an embarrassment 10 years ago when mobile apps were new and immature. I'm actually surprised that GM hasn't already had a major security breach that we've heard about. If it's revealed tomorrow that some GM marketing weenie left his laptop in a taxi and on that laptop there was an encrypted database with the names, addresses and phone numbers and driving statistics of everyone who bought a Bolt in 2017 I won't be even a little bit surprised. This is one of the reasons I refused to give my dealer my social security number when I was filling out the purchase documents.

All of that said, while I believe I'm more cognizant than most on security risks I don't consider myself to be paranoid. I use my real name and usernames based on my real name everywhere, I have multiple domain names registered (including one that is my surname) and all of those registrations list my personal information including home address. Heck I'm still a very active Foursquare user where I literally tell Foursquare (and the world) about all the places I go. I do take some precautions including the fact that I use a unique, randomly generated password for every site and service I use (for example my password for this site is something like (but isn't) "6*F9Tp%lotcw" and that password is not used on any other site) because I don't want to worry if one site gets hacked. Of course if LastPass ever got hacked I'be be completely screwed.

In summary (also known as "tl;dr") I am 99% sure that GM is tracking and collecting data on all of us via Onstar and I don't believe that they are doing a good job of protecting that data, but I'm not particularly worried about it because my life is already a pretty open book.
 

·
Registered
Joined
·
624 Posts
Discussion Starter #20
I am 99% sure that GM is tracking and collecting data on all of us via Onstar


yep.
https://imgur.com/a/PxHYNhs

if you touch 'more trip details' it'll show you a map of where you went. i don't know for sure, but i assume they keep all this data, probably forever. by default you're enrolled in data sharing with insurance agencies - i didn't realize that until just now. if you unenroll, they'll still track your data, just not share it.
 
1 - 20 of 22 Posts
Top