Zipcar Disruption

This isn’t a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: “an outage experienced by a third party telecommunications vendor disrupted connections between the company’s vehicles and its reservation software.”

That didn’t just mean people couldn’t get cars they reserved. Sometimes is meant they couldn’t get the cars they were already driving to work:

Andrew Jones of Roxbury was stuck on hold with customer service for at least a half-hour while he and his wife waited inside a Zipcar that would not turn back on after they stopped to fill it up with gas.

“We were just waiting and waiting for the call back,” he said.

Customers in other states, including New York, California, and Oregon, reported a similar problem. One user who tweeted about issues with a Zipcar vehicle listed his location as Toronto.

Some, like Jones, stayed with the inoperative cars. Others, including Tina Penman in Portland, Ore., and Heather Reid in Cambridge, abandoned their Zipcar. Penman took an Uber home, while Reid walked from the grocery store back to her apartment.

This is a reliability issue that turns into a safety issue. Systems that touch the direct physical world like this need better fail-safe defaults.

Posted on March 20, 2019 at 12:38 PM14 Comments


PJ March 20, 2019 1:05 PM

Friend drove his privately owned electric car from Ireland to Scotland and got stranded at a charging point in remote-ish place in the Highlands because there was a mobile phone network outage. A data connection was needed to charge for the electricity. Each Nissan sold has a SIM and is online regularly, something I confess I had no idea of. He had to wait for 6 hours, fortunately the weather wasn’t bad.

Tatütata March 20, 2019 1:56 PM

There is a bit more than just anecdotal evidence of disloyal tactics between competing operators of self-service bikes and scooters, assisted or not, in places where more than one provider is present.

Maybe some people got ideas…

I would expect a car to experience coverage problems on the ferry between Ireland and Britain. Could the SIM card problem be attributable to roaming agreement difficulties?

Apropos SIM cards on vehicles, Ecall was mandated by the EU in all new cars since about 10 years. The base-line for the devices is supposed to be SIMless (and unable to be addressed), but who can say that there isn’t some device cr*p lurking in the actual deployed systems?

RealFakeNews March 21, 2019 10:20 AM

A work-around could be like some games that use online authentication every time they’re started – if there is no network, it continues to operate for a time. Hardly difficult to implement. It seems they assumed 100% network availability. Once again, poor software design.

@Tatütata: really? All cars? The only cars I’ve seen it on are all German marques.

1&1~=Umm March 21, 2019 10:34 AM

There is of course a side issue to this, which is “legal defence”.

There are traffic zoning rules in some countries that differentiate “Parking” from other activities where you might have reason to stop a vehicle briefly such as picking people up, (un)loading stuff from/into the vehicle, or even pulling over to use a cell phone.

If you had stopped at such a place to carry out the alowed activity, then found you could not drive off, how would you be treated under law?

Most of the legislation alows for break downs and accidents where the vehicle has in effect become either not drivable or not safe to drive.

But appart from being inhibited the cell signal drop out the vehicle is perfectly drivable.

I guess at some point it will make it to court in these days of private contractors being given ‘incentives’ such as fill your quota or get fired.

Tatütata March 21, 2019 1:04 PM


eCall is mandated by the EU, so this concerns all countries and manufacturers, including GB.

I execrate motorcars, and spend much of my existence in maximizing my distance to them in all situations, but I do endeavour to be acquainted with my enemy.

I can spontaneously think of at least one non-German manufacturer, PSA/Peugeot, who even brags about their deployment.

But what is a German manufacturer? SEAT and Skoda?

Are Ford or Open from Europe, the US, or Germany?

The so-called New Mini Cooper is AFAIK a German car.

And BMW, Mercedes or VW produce more beyond German borders than at home.

Meanwhile, the Beast is supposed to be coming up shortly with an car import tariff targeting “German” or “European” manufacturers… To dissuade him, let someone congratulate him in adopting this most far-sighted and effective measure against global warming…

Peter Galbavy March 22, 2019 3:11 AM

Bruce says “this isn’t a security story”, but it is and we all know it. Security is not just about preventing unauthorised access to resources but also making sure that access is available (and reliable) to authorised users. The failure of an organisation to sub-contract telecoms to another org that has it’s own ways of providing reliable service is a bad thing and can’t simply be shrugged off.

James March 22, 2019 7:35 AM

As i’m aware GM adds OnStar to all their cars, even if it’s not activated. Not to mention Tesla where they can ssh into your car (literally). So the problem is not only for the EU made cars.
However if you know a bit of electronics you can use a simple scanner to locate the device and rip it off / short the antenna / etc. I would never drive a connected car, ever.

Tatütata March 22, 2019 1:52 PM

Netzpolitik 21 March 2019, “Staatstrojaner: ZITiS will Autos hacken

“ZITiS wants to hack cars”

ZITis stands for “Zentrale Stelle für Informationstechnik im Sicherheitsbereich”, which translates to something like “Central office for Information Technology in the Security Field”.

It was formed late in 2017, and about half of the 150 budgeted positions have been filled to date. Its role isn’t clearly defined, but it appears to be responsible for the development of software worms to be injected into a variety of devices. A recently created German federal statute now allows to use these for such “routine” criminality such as narcotics contraband rather than “exceptional” “terrorism”, and the ministry of the interior is planning to lower the threshold even more.

Observers worry that the worms are just as capable of sabotaging security critical devices (gas pedal and brakes), in addition to “just” turn on the microphone and record all conversations.

I wonder how the Federal “hackers” will proceed:

scenario A: Samples of all car models and ECUs are purchased, and painstakingly reverse engineered to find flaws allowing the implantation of backdoors.

scenario B: Cut to a dark garage in Stuttgart. Two shady characters are in a discussion whispered in an impenetrable Swabian dialect. “Nice little company you have here, it would be a shame if something were to happen to it, where would all car manufacturers get their electronics? You know, our government never believed it necessary to investigate your role in the diesel emissions scandal, we’re sure you have really nothing to do with any of that. In fact, we even have suggestions on how you could improve your product, how about including a couple of software “hooks” for after-market “patches”?

James March 22, 2019 2:49 PM

Yeah i also remember an older but similar article. They want to mess with cars without triggering the alarms, probably they want to be able to deactivate home alarms too without leaving any trace, and all that crap.
However someone good with electronics could just disable the antennas, problem partially solved. Of course at least in theory maybe a “kill” command could be sent via the TP/TMC system … I really dislike the idea of owning a connected car. With rentals there is not too much you can do …

1&1~=Umm March 23, 2019 1:30 AM

@James @Tatütata:

“Yeah i also remember an older but similar article. They want to mess with cars without triggering the alarms”

Think back a little more to an underpass in Paris, the son of the owner of a famous London store and the ex-wife of the heir to the British throne chased dangerously by men on motorcycles and a mysterious little white car. Suddenly something happens the saloon car unexpectedly crashes all but one of the occupants dies one apparently very mysteriously after having got out of the saloon with just minor cuts and bruises.

Strange stories appear in the media questioning what the white car did and was it an assasination carried out by the UK MI6 using a technology that disrupted the saloon cars electronics, all carried out on behalf of a senior British Royal. The story got repeated all around the world, made worse by different ‘official news’ about the driver first sobet, then drunk either way not alive to defend himself.

It would sound like a fantasy if it had not happened, and one UK Red Top Newspaper carried on with variations of the story for years.

Now just a few decades later we have the equivalents of MI6 very specifically developing software that could do the very thing that was once we assume a conspiracy theory…

Kind of proving ‘If physics allows then somebody will do it’ and we know the physics most certainly works in the notion of ‘connected cars’.

I remember when ‘wireless tyre preasure sensors’ were talked about for ‘automatic tracking’ as a way to implement ‘road tolls’ some people brought up the subject of ‘hacking’ via that RF port. Various people churned out the ‘it’s all issolated’ stories but it was not strictly true as messages ended up on a central control bus/network. Some who knew about such things started to wonder what would happen if you overloaded the receivers in a Denial of Service Attack, or put false readings into the receivers… But when the questions were asked of answers there were none, not even acknowledgment, just the strange silences of static on an old TV screen or tumbleweeds blowing through a dessert town long long deserted to the vagaries of entropy that is the dry wind, burning days and freezing nights.

Of the two questions, I knew the first was one not just of bus bandwidth but delays due to peak loads, a problem that comes up with Real Time Operating Systems (RTOS) from time to time. Especially when talking about contention beyween short response times for breaking systems and fixed time intervals for audio or other fixed rate low delay systems which can not have large buffers such as two way conversations. This is still an open question in many ways but is generaly dealt with –but often baddly– by prioritization.

The second question interested me more, because many engineers are overly trusting in naive ways, they just don’t ‘think hinky’. They spend their lives creating, and thinking ‘how could I flup this up’ is not generaly a speciality they have, even though they might be good at ‘what if’ for safety testing.

It takes a more seasond and worldly wise mind to be what feels like being paranoid but is actually a realisation that some people realy will do such things without qualms and then go home and hug their children and walk the dog. It took the Ed Snowden revelations to show the majority of people that such evil arises from the pure banality of doing a nine-to-five job with good health care and pension paid for by the tax payers and a top secret clearance in the NSA et all.

Thus on one side you have the aspiring engineer who want’s to make the world a better place within the constraints managment allow. So they design a system that would deal correctly with a catastrophic failure such as a tyre blowing out at 250kph on an autobahn. They test it in ‘real world’ scenarios and it’s seen as good and it goes into production. But do they test for ten or twenty blank faced banalities in the Intelligence Community who get paid to work out impossible sequences of values that will actually cause the vehicle to swerve and flip tumble and role?

I think most here are sufficiently jaundiced enough to realise the answer to that…

VinnyG March 23, 2019 4:11 PM

@Peter Galbavy re: “security story” – exactly: “Access; Confidentiality; Integrity” (to quote how one standards organisation formulates the paradigm.)

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.