Subaru security vulnerability exposed millions of cars to tracking risks

Two security researchers discovered a security vulnerability in Subaru’s Starlink-connected vehicles last year that gave them “unrestricted targeted access to all vehicles and customer accounts” across the U.S., Canada, and Japan, according to a Wired report.

The researchers, Sam Curry and Shubham Shah, alerted the Japanese automaker to the flaws in November and they were quickly fixed. Subaru told Wired that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”

The researchers said that a hacker who only knew the car owner’s last name and ZIP code, email address, phone number, or license plate could remotely start, stop, lock, unlock, and retrieve the current vehicle, retrieve any vehicle’s complete location history from the past year, and find personally identifiable information of any customer.

Curry and Shah said that similar web-based flaws have been found in several other carmakers, including Kia, Honda, and Toyota.

While Curry and Shah acknowledged the security fixes, they warned that simply patching security updates after issues were found isn’t enough to remedy the more pervasive issue of privacy in the automotive industry. And even if those vulnerabilities are all remedied, employees still have access to location data.

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry told Wired. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

https://www.fastcompany.com/91266251/subaru-security-vulnerability-exposed-millions-of-cars-to-tracking-risks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Létrehozva 1mo | 2025. jan. 23. 21:10:03

Jelentkezéshez jelentkezzen be

EGYÉB POSTS Ebben a csoportban

Here are crypto’s biggest heists after Bybit’s $1.5 billion hack

Cryptocurrency exchange Bybit said last week hackers had stolen digital tokens worth around $1.5 billion, in what researchers called the biggest crypto heist of all time.

Bybit CEO Ben Z

2025. febr. 24. 22:30:07 | Fast company - tech

‘We are never going to stop existing’: Hunter Schafer called out Trump’s passport policy on TikTok

“I had a bit of a harsh reality check today, and felt like it’s important to share with whoever is listening,” model and actress Hunter Schafer said in an eight-minute

2025. febr. 24. 20:20:06 | Fast company - tech

Anthropic’s new Claude AI model can decide between speed and deep thinking

Anthropic released on Monday its Claude 3.7 Sonnet model, which it says returns results faster and can show the user the “chain of thought” it follows to reach an answer. This latest model also po

2025. febr. 24. 20:20:05 | Fast company - tech

What to know about Apple’s biggest-ever U.S. investment

This morning, Apple announced its largest spend commitment to da

2025. febr. 24. 20:20:04 | Fast company - tech

Ai2’s Ali Farhadi advocates for open-source AI models. Here’s why

A year before Elon Musk helped start OpenAI in San Francisco, philanthropist and Microsoft cofounder Paul Allen already had established his own nonprofit

2025. febr. 24. 17:50:07 | Fast company - tech

How agentic AI will shape the future of business

In 2024, Amazon introduced its AI-powered HR ass

2025. febr. 24. 17:50:06 | Fast company - tech

How ‘lore’ became the internet’s favorite way to overshare

Lore isn’t just for games like The Elder Scrolls or films like The Lord of the Rings—online, it has evolved into something entirely new.

The Old English word made the s

2025. febr. 24. 13:20:04 | Fast company - tech

Tomas_r2