FlagThis

Security vulnerabilities in Subaru’s Starlink connected vehicle service have been exposed, allowing remote access to customer accounts, including the ability to unlock and start vehicles, and access a year of location history. This poses significant privacy and security risks for vehicle owners. The vulnerability stems from a lack of proper access controls in the Starlink system and use of javascript. These security flaws emphasize the need for better security in connected car platforms and protection of user data.

Subaru Starlink connected vehicle service had a vulnerability which allowed remote access to the accounts of its customers in the US, Canada, and Japan.