Get the latest tech news
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can.
Sure enough, he and a researcher working with him online, Shubham Shah, soon discovered vulnerabilities in a Subaru web portal that let them hijack the ability to unlock the car, honk its horn, and start its ignition, reassigning control of those features to any phone or computer they chose. Curry and Shah today revealed in a blog post their method for hacking and tracking millions of Subarus, which they believe would have allowed hackers to target any of the company's vehicles equipped with its digital features known as Starlink in the US, Canada, or Japan. Over the prior two years, a larger group of researchers, of which Curry and Shah are a part, sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls Royce, and Toyota.
Or read this on Wired/cdn.vox-cdn.com/uploads/chorus_asset/file/25840693/how_it_works4.png)
