Subaru STARLINK System Vulnerability Exposes Customer Data

🚗🔓 Security Flaw in Subaru’s STARLINK System Exposes Customer Data and Vehicle Control. A significant vulnerability discovered in Subaru’s STARLINK connected vehicle service allowed unauthorized access to customer accounts and vehicle controls across the U.S., Canada, and Japan. The flaw enabled attackers to remotely start, stop, lock, unlock vehicles, and access sensitive customer information, including location history and billing details, using only basic personal data. The issue was reported on November 20, 2024, and Subaru patched the vulnerability within 24 hours, with no evidence of exploitation. The incident highlights the challenges of securing connected vehicle systems, where broad access permissions can lead to serious privacy and security risks.

Source

Original