Subaru Starlink Vulnerability Allows Remote Vehicle Access
🚗🔓 Subaru’s Starlink service vulnerability exposes customer accounts and vehicles to hacking risks. Security researchers Sam Curry and Shubham Shah discovered a significant flaw in Subaru’s Starlink connected vehicle service, allowing unrestricted access to customer accounts in the US, Canada, and Japan. The vulnerability stemmed from an admin panel that could be accessed without proper authentication, enabling attackers to reset employee passwords and bypass two-factor authentication. This access allowed them to view sensitive vehicle and customer information, remotely control vehicles, and even take over cars without alerting owners. Curry reported the issue to Subaru on November 20, 2024, and the company addressed the vulnerability within 24 hours. This incident highlights ongoing security concerns in connected vehicle systems.
