Source URL: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
Source: Wired
Title: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Feedly Summary: Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.
Summary: This text describes significant automotive security flaws, detailing how vulnerabilities in Subaru’s web portal allowed researchers to gain unauthorized access to sensitive vehicle features and location data. Such vulnerabilities raise concerns about privacy, security, and the potential misuse of location information for malicious purposes.
Detailed Description:
The article discusses the investigation by security researchers Sam Curry and Shubham Shah into the security of Subaru’s internet-connected features in the 2023 Impreza model. Their findings reveal critical vulnerabilities that could have far-reaching implications for both individual privacy and vehicle security.
Key Points:
– **Purchase for Research**: Curry bought his mother a Subaru with the intention of examining its security vulnerabilities.
– **Discovery of Vulnerabilities**: They discovered weaknesses in a Subaru web portal, which allowed them to:
  – Hijack controls to unlock the car, honk the horn, and start the ignition remotely.
  – Access the car’s location history for up to a year, revealing sensitive information about the car owner’s daily habits and visits.
– **Potential for Misuse**: The ability to track a person’s movements raises severe privacy concerns. Curry mentions scenarios like:
  – Stalking or harassment.
  – Blackmail based on sensitive personal activities (like medical visits or political affiliations).
– **Access Through Employee Portal**: The researchers found that an employee admin portal could be leveraged to access not just individual car controls but also extensive location data.
– **Geographical Scope**: These vulnerabilities potentially affect Subaru vehicles equipped with the Starlink feature in North America and Japan.
The implications for security and privacy are profound: such flaws can lead to unauthorized tracking and manipulation of vehicle functions, posing risks not only to individual privacy but also to public safety. This incident underscores the urgent need for enhanced cybersecurity measures within the automotive industry, particularly as vehicles become increasingly interconnected and reliant on digital features.
The findings are critical for security and compliance professionals, highlighting the importance of robust security controls and continuous monitoring of potential vulnerabilities in IoT devices, including vehicles.