Two security researchers discovered a security vulnerability in Subaru’s Starlink-connected vehicles last year that gave them “unrestricted targeted access to all vehicles and customer accounts” across the U.S., Canada, and Japan, according to a Wired report.
The researchers, Sam Curry and Shubham Shah, alerted the Japanese automaker to the flaws in November and they were quickly fixed. Subaru told Wired that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”
The researchers said that a hacker who only knew the car owner’s last name and ZIP code, email address, phone number, or license plate could remotely start, stop, lock, unlock, and retrieve the current vehicle, retrieve any vehicle’s complete location history from the past year, and find personally identifiable information of any customer.
Curry and Shah said that similar web-based flaws have been found in several other carmakers, including Kia, Honda, and Toyota.
While Curry and Shah acknowledged the security fixes, they warned that simply patching security updates after issues were found isn’t enough to remedy the more pervasive issue of privacy in the automotive industry. And even if those vulnerabilities are all remedied, employees still have access to location data.
“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry told Wired. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”
Login to add comment
Other posts in this group
A study has confirmed what we all suspected: “K” is officially the worst text you can send.
It might look harmless enough, but this single letter has the power to shut down a conversatio
SoundCloud is facing backlash after creators took to social media to complain upon discovering that the music-sharing platform uses uploaded music to train its AI systems.
According to S
The Trump administration on Thursday proposed a multibillion-dollar overhaul of a
As recently as 2021, Figma was a one-product company. That product was Figma Design, the dominant tool for creating app and web interfaces. The company’s subsequent addition of offerings such as
A startup marketing to Gen Z on college campuses filed a lawsuit this week alleging that Instacart engaged in federal trademark infringement and unfair competition by naming its new group ordering
Influencers often face more negativity than most people experience in a lifetime—and with that comes a significant mental health toll. Now, a new therapy service has been launched specifically for
When Christopher Pelkey was killed in a road rage incident in Arizona, his family was left not only to grieve but also to navigate how to represent him in court. As they prepared to confront his k
