A cybersecurity researcher recently discovered a serious vulnerability in Subaru’s Starlink system, allowing him to remotely control vehicles across the U.S., Canada, and Japan. The ethical hacker, Sam Curry, was able to unlock doors, start and stop engines, and track vehicle locations after bypassing a security loophole in an employee-facing platform. The issue was quickly reported to Subaru, which fixed the vulnerability within 24 hours.
What is Subaru Starlink?
Subaru Starlink is the company’s connected vehicle system, offering a range of infotainment, security, and remote access features. It allows Subaru owners to lock or unlock their vehicles, start the engine remotely, and track their car’s location using the MySubaru mobile app. The system also provides emergency roadside assistance, automatic crash notifications, and stolen vehicle tracking.
Because Starlink controls key vehicle functions remotely, any security vulnerability in the system could pose a major risk, allowing unauthorized access to vehicles.
How the Hacker Gained Access
Sam Curry, a well-known ethical hacker, decided to test Subaru’s security after purchasing a 2023 Subaru Impreza for his mother. When he failed to bypass the security of the MySubaru app, he and fellow researcher Shubham Shah looked for other ways to access Subaru’s systems.
They eventually found a publicly accessible employ
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.