Subaru Starlink Vulnerability Exposed Millions of Vehicles to Cybersecurity Risks

Researchers uncovered a flaw allowing unauthorized access to vehicle controls and sensitive data, which Subaru has since patched.

Security researchers Sam Curry and Shubham Shah identified a critical flaw in Subaru's Starlink system, enabling hackers to remotely access vehicle functions and sensitive data.
Exploiting weaknesses in the password reset process of the Starlink admin portal, attackers could bypass security measures and gain administrative control.
Hackers could remotely unlock doors, start engines, and access precise location histories of vehicles, potentially tracking movements over a year.
Subaru patched the vulnerability in November 2024 after it was reported, but the incident highlights broader cybersecurity challenges in connected vehicles.
The findings underscore systemic issues in the automotive industry, with similar vulnerabilities identified in systems from other manufacturers such as Honda, Kia, and Toyota.