Hackers exposed serious vulnerabilities in Subaru’s Starlink infotainment system, enabling remote vehicle control and access to sensitive location data
A pair of hackers, Sam Curry and Shubam Shah, has been exposed enabling them to remotely take control of a Subaru Impreza, exposing security vulnerabilities within Subaru’s Starlink-connected infotainment system. The pair gained unauthorized access to the vehicle through a compromised web portal linked to Subaru, which allowed them to unlock the car, sound the horn, and start the ignition using any smartphone or computer.
Curry elaborated on his methods in a video and blog post, revealing that he simply reset the password of a Subaru employee’s account, thereby accessing a trove of location data spanning more than a year. . The hackers said this data included precise records of vehicle movements, down to specific parking spots. Subaru acknowledged the breach and said it has since patched the vulnerability, emphasizing the need to collect location data to aid in emergencies and vehicle recovery.
However, Curry and experts in the hacking community argue that there is little justification for motor vehicle manufacturers to collect extensive historical location data. They warn that the vulnerabilities they exploit are not exclusive to Subaru, claiming similar flaws exist in the systems of brands like Acura, Honda, Hyundai, Toyota, and more.
Meanwhile, cybersecurity concerns aren’t limited to Subaru. Security researchers at Kaspersky have recently identified 13 critical vulnerabilities within Mercedes-Benz’s Mbux Infotainment system, which would enable hackers to steal data and disable anti-theft protection if they were to physically access the vehicle. Can access. Although Mercedes-Benz responded that it had patched these vulnerabilities since 2022, concerns remain about the security risks posed by modern connected vehicles.
The growing consensus among cybersecurity experts is clear: modern automobiles pose significant privacy and security threats. A recent Mozilla report emphasized that many cars are “a privacy nightmare”, collecting excessive data from users without informed consent and alarmed about the potential for hackers to exploit these vehicles. Increases.
Thanks for reading..
