I was recently very late getting to work, but this time I had a good and unique excuse: I was driving my brand-new Lexus and decided to use the cars navigation system to come up with an alternate route to the office.
The next thing I knew, it was many hours later, and I was pulling up to a doughnut shop in Poughkeepsie instead of my office outside of Boston.
OK, Im kidding. The closest Ive ever come to owning a Lexus was my old Toyota Tercel. But the story about the messed-up navigation system isnt that improbable.
According to a recent story, several late-model Lexus vehicles were infected with a virus transmitted via cell phones. And how did these cars get a cell phone virus? As it turns out, the navigation and other systems in these Lexus models were Bluetooth-enabled.
The virus story is more amusing than scary because the worst that could probably happen is that you could end up miles away from your intended destination. (Although, of course, all serious viruses are preceded by a minor irritant of a virus.)
No, the thing that really befuddles me is that someone at Toyota/Lexus, a group that seems to know a thing or two about good design decisions, decided that implementing Bluetooth support in a car was a good idea.
I mean, how does this work? Did someone stand up in a meeting and say, “Hey, Ive got a great idea. Lets add a completely insecure and easily hacked wireless entry into our cars computer systems”?
Didnt anyone have the guts to stand up and say, “Excuse me, but are you nuts?”
Was there no one in that meeting with a devils-advocate personality and a healthy imagination for worst-case, doom-and-gloom scenarios? It doesnt take a lot to imagine viruses jumping from nonessential to essential computer systems.
Think of a virus that could jump from a navigation computer to a connected OnStar system, which has the ability to lock, unlock, start and stop cars.
And, of course, there are the inevitable privacy and tracking capabilities that could be abused by stalkers or the government.
I dont want to jump too much on Lexus here—it clearly isnt alone in making this kind of design decision. Across the gamut of software and hardware products, one can easily find cases where huge security problems were created by stupid and easily avoidable design decisions. (Wait a second while I double-check that the active scripting is turned off in my mail program and word processor.)
Clearly, things need to change at many companies, and every company needs someone who is constantly thinking “What if?”
Im proposing that all companies add a new position, the main responsibility of which would be to shine the cold, hard light of potential disaster on questionable product and project decisions.
Ive decided to call this new position the Glum, named after (and I know Im dating myself here) the depressing little guy from the old “The Adventures of Gulliver” cartoon. The Glum essentially will be required to stand up at design and project meetings and politely state all the ugly ways a decision could blow up in the companys face.
Of course, just like in the cartoon, there will be a tendency to ignore the Glum and his cries of “Were doomed.” Thats why it will be important for the Glum to make sure that the nightmare scenarios are really possible and leave the way-out ideas to the conspiracy Web sites.
Product managers and design teams will learn quickly that they ignore the Glum at their own peril—if a problem does occur, it will be recorded that the potential for the problem was clearly stated by the Glum and then ignored. Managers most likely will find themselves looking for new jobs because they chose to ignore the Glum.
Im not saying that all projects should be stopped because of potential problems. There are risk-and-reward decisions that must be made with everything. But companies need to make sure that their decisions fall clearly on the reward side.
Hang on. I have to go help someone outside. His Lexus is bouncing up and down, and the windows are opening and closing like crazy. I wonder how you patch a car computer?
Labs Director Jim Rapoza can be reached at [email protected].