Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.
  • WhatsHerBucket@lemmy.worldEnglish
    8·
    1 month ago

    Summary:

    Security researchers Sam Curry and Shubham Shah identified critical vulnerabilities in Subaru’s web portal that allowed unauthorized access to vehicles’ internet-connected features. Through these flaws, they could remotely unlock doors, start the engine, and access detailed location histories spanning at least a year. These vulnerabilities potentially affected millions of Subaru vehicles equipped with the Starlink system in the U.S., Canada, and Japan. Upon being informed, Subaru promptly addressed and patched the issues. However, concerns remain about the extensive location data accessible to Subaru employees, highlighting broader privacy implications regarding the data modern vehicles collect.

  • bokherif@lemmy.worldEnglish
    6·
    1 month ago

    Subaru is under the microscope, but every car manufacturer does the same dumb shit these days.

    • dantheclamman@lemmy.worldOPEnglish
      2·
      1 month ago

      Yeah, the article discusses it. It was unique here, though, that everyday Subaru employees have a way to see at least a year of location history for all customers, with no restrictions

      • PM_Your_Nudes_Please@lemmy.worldEnglish
        1·
        1 month ago

        Yeah, this is a nightmare scenario for an abuse victim. Imagine if your partner works at Subaru, you got your car through them, and now you’re trying to escape them.