Subaru security vulnerability exposed millions of cars to tracking risks

Two security researchers discovered a security vulnerability in Subaru’s Starlink-connected vehicles last year that gave them “unrestricted targeted access to all vehicles and customer accounts” across the U.S., Canada, and Japan, according to a Wired report.

The researchers, Sam Curry and Shubham Shah, alerted the Japanese automaker to the flaws in November and they were quickly fixed. Subaru told Wired that “after being notified by independent security researchers, [Subaru] discovered a vulnerability in its Starlink service that could potentially allow a third party to access Starlink accounts. The vulnerability was immediately closed and no customer information was ever accessed without authorization.”

The researchers said that a hacker who knew only the car owner’s last name and ZIP code, email address, phone number, or license plate could remotely start, stop, lock, and unlock a vehicle and retrieve its current location, retrieve any vehicle’s complete location history from the past year, and find personally identifiable information of any customer.

Curry and Shah said that similar web-based flaws have been found at several other carmakers, including Kia, Honda, and Toyota.

While Curry and Shah acknowledged the security fixes, they warned that simply patching vulnerabilities after they are found isn’t enough to remedy the more pervasive issue of privacy in the automotive industry. And even if those vulnerabilities are all remedied, employees still have access to location data.

“You can retrieve at least a year’s worth of location history for the car, where it’s pinged precisely, sometimes multiple times a day,” Curry told Wired. “Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone.”

https://www.fastcompany.com/91266251/subaru-security-vulnerability-exposed-millions-of-cars-to-tracking-risks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created 7mo ago | Jan. 23, 2025, 21:10:03

