Subaru Security Flaw Exposed Millions of Cars to Remote Hacking

Researchers found vulnerabilities in a Subaru employee portal that allowed remote car control and location tracking, raising broader privacy concerns for the auto industry.

Security researchers Sam Curry and Shubham Shah identified flaws in Subaru's employee-facing web portal, allowing remote access to car controls and location data for vehicles equipped with Starlink features.
The vulnerability enabled hackers to unlock, start, and track vehicles, as well as access up to a year of precise location history for individual cars.
Subaru patched the issue quickly after being alerted in November 2024, stating there was no evidence of unauthorized access prior to the fix.
The researchers highlighted systemic security challenges in the auto industry, noting similar vulnerabilities in other manufacturers like Honda, Toyota, and Kia, among others.
The incident underscores ongoing concerns about privacy and data security in connected vehicles, with experts warning of the potential misuse of extensive location tracking capabilities.