Subaru security vulnerability exposed millions of cars to tracking risks

Two security researchers discovered a security vulnerability in Subaru’s Starlink-connected vehicles last year that gave them “unrestricted targeted access to all vehicles and customer accounts” across the U.S., Canada, and Japan, according to a Wired report.

The researchers, Sam Curry and Shubham Shah, alerted the Japanese automaker to the flaws in November and they were quickly fixed. Subaru told Wired that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”

The researchers said that a hacker who knew only the car owner’s last name and ZIP code, email address, phone number, or license plate could remotely start, stop, lock, and unlock a vehicle and retrieve its current location, retrieve any vehicle’s complete location history from the past year, and find personally identifiable information of any customer.

Curry and Shah said that similar web-based flaws have been found in several other carmakers, including Kia, Honda, and Toyota.

While Curry and Shah acknowledged the security fixes, they warned that simply patching vulnerabilities after they are found isn’t enough to remedy the more pervasive issue of privacy in the automotive industry. And even if those vulnerabilities are all remedied, employees still have access to location data.

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry told Wired. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

https://www.fastcompany.com/91266251/subaru-security-vulnerability-exposed-millions-of-cars-to-tracking-risks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 3mo | Jan 23, 2025, 9:10:03 PM

