Some fascinating research out on hacking a Subaru via STARLINK connected vehicle service.
"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:
Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.
After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously."
-
replied to BrianKrebs last edited by
@briankrebs
I still say that the *many* stories like this would create a huge market for anyone offering cars with privacy features & guarantee.
*All* manufacturers do it... shamelessly.
They install connectivity as "safety" but it's really about marketing and monetization
-
replied to BrianKrebs last edited by
Shubs is the GOAT
-
replied to BrianKrebs last edited by
@briankrebs Would this work if you are not signed up for the Starlink service?
Asking for a friend.