This is your blog to plan for paper 2
You need to find an article that is suitable to analyse, summarise it like a paper 2 scenario, then begin analysing it (answer it) using the paper 2 question format:

Criterion A — The issue and stakeholder(s) [4 marks]
1. (a) Describe one social/ethical concern related to the IT system in the article.
(b) Describe the relationship of one primary stakeholder to the IT system in the article.

Criterion B — The IT concepts and processes [6 marks]
2. (a) Describe, step by step, how the IT system works.
IT system: using hand-held computers, wireless network and central database.
(b) Explain the relationship between the IT system and the social/ethical concern described in Criterion A.

Criterion C — The impact of the social/ethical issue(s) on stakeholders [8 marks]
3. Evaluate the impact of the social/ethical issues on the relevant stakeholders.

Criterion D — A solution to a problem arising from the article [8 marks]
4. Evaluate one possible solution that addresses at least one problem identified in Criterion C.

Friday, 11 March 2016

Regarding 1.4 Million Flash Drives


Summary: A while back, someone from Wired reported on an exploit present in Jeep automobiles that allowed hackers to remotely control the car, with the potential to turn off the car even, as well as control other settings such as air conditioning. Chrysler, the company that manufactures Jeeps, resolved to ship 1.4 million USB flash drives to owners of Jeeps as well as other vehicles manufactured by Chrysler that had been affected by this problem.


Criterion A — The issue and stakeholder(s) [4 marks]
1. (a) Describe one social/ethical concern related to the IT system in the article.


The reliability of the update issued to Jeep owners may be put into question as it is intended to fix an exploit that allows for the vehicle to be turned off in the middle of the road. Should it be applied or coded incorrectly, then the vehicle’s problem may not be fixed or the vehicle may not turn on at all.


(b) Describe the relationship of one primary stakeholder to the IT system in the article.


Jeep owners drive the vehicles for any purpose and hence regularly use it and a condition of normal use is that it is constantly operable according to the settings they have configured.


Criterion B — The IT concepts and processes [6 marks]
2. (a) Describe, step by step, how the IT system works.


The Jeep owner receives a USB flash drive from Chrysler. After receiving the flash drive, they will then use their car keys to open the car door at which point they will then find the USB port in their car and plug the flash drive into the port. Then, they will turn on the car to boot up the car’s firmware. The computer in the car should then recognize the flash drive. There are probably hardware and/or software buttons in the car with which to navigate the relevant menus to find the flash drive, then execute the application to install the update, confirm whether you would like to install it and then install the update. At this point, turn off the car and then turn it on again in order for the updated firmware to start up.


IT system: Jeep update


(b) Explain the relationship between the IT system and the social/ethical concern described in Criterion A.


Jeep owners will have applied the update in order to prevent the possibility of the car being remotely controlled and turned off in the middle of the road. However, if the owners are not competent or the update was not coded correctly, then their car may malfunction or even be unable to turn on in which case they will have to send in the car to Chrysler to reinstall the firmware or find a mechanic to repair the car or sell the car as it would be completely useless.

Criterion C — The impact of the social/ethical issue(s) on stakeholders [8 marks]
3. Evaluate the impact of the social/ethical issues on the relevant stakeholders.


Chrysler – management



Chrysler – developers


Authenticity

Reliability – The developers should run a system to emulate the Jeep firmware or run the firmware on an actual Jeep in order to test the update. In doing so, they should cover as many potential scenarios as possible in order to rectify any particular problems with any specific memory addresses that could be vulnerable to buffer overflows or some other form of attack.

Security – In patching this error, Chrysler developers should prevent external connections to the Jeeps or if the cars are Internet-enabled, then a whitelist setting should be made that only allows external connections from particular people with unique identifiers (e.g. Chrysler developers, Jeep owners)


Jeep owners


Reliability

Security

Privacy – Receiving the update would not be prioritized as a privacy concern as the error in question is one relevant to the operation of their car and any use or manufacture of the update by Chrysler would not be viewed as a privacy invasion. However, those that previously hacked Jeeps would find they cannot do so do to the update being applied. If they obtained any identifying information about the vehicle before, then they could use this to determine which have had the update applied.


Chrysler – dealerships


Integrity – The dealerships may disclose news of this exploit to affected consumers and provide flash drives in order to keep faithful customers, maintain ethical practice or to signal potential customers that they are technologically aware. However, the dealerships may also not make customers aware of the update, but provide flash drives or also not in order to gain profits from customers who come in to get the car serviced for this update or better yet to buy new cars or perhaps prevent the loss of profit due to people selling their Jeeps knowing of this exploit or due to criticism of Chrysler regarding the incident being widespread enough that sales may be hindered, hence making it preferable to hide the news.


People that previously hacked Jeeps


Security – The people that previously hacked Jeeps may attempt to circumvent the updated code and exploit it in order to reassert control over Jeeps either for malicious intent or for entertainment (though the entertainment is Schadenfreude for the hacker and unfortunate for the victim)


Criterion D — A solution to a problem arising from the article [8 marks]
4. Evaluate one possible solution that addresses at least one problem identified in Criterion C.


Chrysler could also include in the update a scheme to change how Jeeps identify on an Internet-enabled car network once the update has been applied. This could be done by changing the identifier the Jeep uses to denote itself (e.g. changing its name from JEEP-0198628 to $857@hgbd*0245j) or by using a different IP address every time the car connects to the network or by using encrypted connections between services the car accesses and itself as much as possible to prevent hackers from gaining unauthorized access to the car and controlling it to their whim. In addition, this would allow users to maintain their privacy from hackers after having been previously hacked and after installing the update since their identifier would change and the identification that the hacker used to correspond to any data he had about the car (e.g. license plate, color, model, year) would no longer register or correspond as that car would have been technically decommissioned, not exist anymore, or be a different car altogether.


2 comments:

  1. Criterion A = 4 marks due to appropriate social/ethical concern was mentioned and a descriptive relationship between the user and the IT system.

    Criterion B = 5 or 6 marks, an in-depth understanding of the IT system and how it functions, knowledge outside the article is clearly stated. Didn't mention the social/ethical concern, should mention it again to make it easier for examiners to link to it.

    Criterion C = 6 or 7, Impacts of the social/ethical issues are realized and analyzed to an extent but doesn't really show the advantages and disadvantages for each stakeholder, however there is a constant use of appropriate ITGS terminology throughout.

    Criterion D = 5 or 6 marks, An appropriate solution is identified however you did not mention the potential weaknesses of this solution therefore I would say that you are in the 5 mark band, there is ITGS terminology used throughout the text.

    ReplyDelete
    Replies
    1. Overall I would say that you scored 20/26

      Delete

Note: only a member of this blog may post a comment.