FlagThis

Security vulnerabilities in Subaru’s Starlink connected vehicle service have been exposed, allowing remote access to customer accounts, including the ability to unlock and start vehicles, and access a year of location history. This poses significant privacy and security risks for vehicle owners. The vulnerability stems from a lack of proper access controls in the Starlink system and use of javascript. These security flaws emphasize the need for better security in connected car platforms and protection of user data.

Tesla’s vehicle and charging infrastructure have been repeatedly compromised at the Pwn2Own Automotive 2025 hacking competition. Researchers demonstrated the lack of effective security, managing to exploit vulnerabilities in charging stations and infotainment systems. The consistent success of these attacks underscores the pressing need for enhanced security measures within connected vehicles.

The successful exploits in the Pwn2Own contests highlights the need for better security protocols for automotive tech. The fact that multiple systems were compromised should raise concerns for consumers and car manufacturers about the overall security of connected vehicles.