Major Security Flaw Exposed in Subaru’s STARLINK Service: Unrestricted Access to User Accounts and Vehicles at Risk
Subaru’s STARLINK Service Exposed: Major Vulnerability Poses Security Risk to Users
In a troubling revelation, cybersecurity researchers Shubham Shah and Sam Curry have identified a significant vulnerability within Subaru’s STARLINK connected vehicle service, affecting users across the United States, Canada, and Japan. This flaw allows unauthorized access to all user accounts and vehicle controls if a malicious actor possesses sensitive personal information such as a user’s surname and ZIP code.
By taking advantage of this security gap, hackers could potentially track vehicle locations, remotely control essential functions like locking or starting the car, and even glean a year’s worth of location history and other sensitive data, including odometer readings and previous owners. Josh Jacobson, Director of Professional Services at HackerOne, explained that hardcoded credentials within JavaScript files enabled researchers to bypass security measures, gaining full administrative access to any STARLINK-connected vehicle.
The implications are dire, as Clyde Williamson, Senior Product Security Architect at Protegrity, noted, “Hackers could exploit this data not only to identify individuals but also to orchestrate targeted social engineering attacks.” These risks extend beyond the vehicle itself to the personal lives of users, raising alarms about safety and privacy.
As connected vehicles proliferate, experts highlight the inadequacy of security measures, pointing to the outdated CAN bus protocol, which was designed without modern safeguards. Williamson urged manufacturers to adopt robust data protection strategies, such as encryption, to combat potential exploitation.
The lack of transparency around data collection practices has left consumers vulnerable, often unaware of the sensitive information they unwittingly provide. With regulatory oversight faltering, the call for stronger legislation and proactive data security measures in the automotive industry has never been more urgent. As technology advances, protecting users must remain a top priority.