2025-01-30 15:14:21 Pacfic
Subaru Vehicles Hacked Remotely - 5d
Security researchers have uncovered significant vulnerabilities within Subaru's Starlink connected vehicle service, exposing millions of vehicles to potential remote hacking. The security flaws stem from a lack of proper access controls in the Starlink system, which allowed access to an admin panel intended only for employees. Through Javascript manipulation, researchers were able to change employee passwords, bypass two-factor authentication, and gain full access to the administrative portal. This unauthorized access not only revealed sensitive customer information like names, addresses, and contact details, but also included the ability to view vehicle data including historical location, VIN number and billing information.
This level of access further allowed the researchers to remotely start, stop, lock, and unlock Subaru vehicles. Most concerning was the discovery that these vulnerabilities extended to accessing a year's worth of location history, revealing detailed travel patterns. This information, which is accessible from the admin panel, could potentially be exploited by malicious actors. The security issues also enabled the researchers to assign control of those features to any phone or computer they chose.
ImgSrc: ciso2ciso.com
References:
- www.heise.de - Thanks to Javascript: Subaru cars could be taken over remotely - 5d
- cybersecurity - Subaru Security Flaws Exposed Its System for Tracking Millions of Cars - 5d
- arstechnica.com - Millions of Subarus could be remotely unlocked, tracked due to security flaws - 5d
- Privacy Guides Community - Latest topics - Subaru Security Flaws Exposed Its System for Tracking Millions of Cars - 5d
- www.wired.com - Subaru Security Flaws Exposed Its System for Tracking Millions of Cars - 5d
- ciso2ciso.com - Subaru Starlink Vulnerability Exposed Cars to Remote Hacking – Source: www.securityweek.com - 5d
- CISO2CISO.COM & CYBER SECURITY GROUP - Subaru Starlink Vulnerability Exposed Cars to Remote Hacking – Source: www.securityweek.com - 5d
- @heiseonlineenglish - Thanks to Javascript: Subaru cars could be taken over remotely Security researchers have managed to take control of Subaru vehicles via the internet. But they have also discovered a treasure trove of - 5d
- cyberpress.org - Subaru STARLINK Connected Car Vulnerability Allowed Limited Access to Attackers - 4d
- gbhackers.com - Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access - 4d
- @arstechnica - Millions of Subarus could be remotely unlocked, tracked due to security flaws Flaws also allowed access to one year of location history. - 4d
- Cyber Security News - Subaru STARLINK Connected Car Vulnerability Allowed Limited Access to Attackers - 4d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access - 4d
- CyberInsider - A critical security vulnerability in Subaru's STARLINK-connected vehicle service exposed all Subaru vehicles and customer accounts in the U.S., Canada, and Japan to potential remote hijacking, trackin - 4d
- Security Archives - Security Affairs - Subaru Starlink flaw allowed experts to remotely hack cars - 4d
- TechSpot - Subaru vulnerability exposed millions of cars to remote hacking and tracking - 3d
- ReadWrite - Hackers identify security flaw in Subaru web portal, enabling remote access - Source: readwrite.com - 2d
- CISO2CISO.COM & CYBER SECURITY GROUP - Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive customer data. - 1d
- Vulnerability Archives ? Cybersecurity News - Subaru’s STARLINK Vulnerability: How Hackers Could Track and Control Vehicles - 1d
- securityonline.info - Subaru’s STARLINK Vulnerability: How Hackers Could Track and Control Vehicles - 1d
- thedefendopsdiaries.com - Subaru Starlink Vulnerability: A Tech-Savvy Dive into Connected Car Security - 1d
- ciso2ciso.com - Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles – Source:hackread.com - 17h
- sharedsecurity.net - Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed - 15h
- @jos1264 - Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles – Source:hackread.com - 9h
Classification:
- HashTags: Subaru CarHacking Starlink
- Company: Subaru
- Target: Subaru Customers
- Product: Starlink
- Feature: Remote Vehicle Access
- Type: Hack
- Severity: Major