A troubling security flaw has been identified in Subaru’s Starlink-connected infotainment deck after hackers remotely took control of a Subaru Impreza.
In this instance, the alarm was raised rather than any damage inflicted as the two hackers were able to access a relative’s vehicle.
As reported by Wired, Sam Curry and Shubham Shah were able to take advantage of vulnerabilities in a Subaru web portal which allowed them to take over Curry’s mother’s Impreza.
With Shah working remotely, the pair were able to unlock the car, sound the horn, and crucially, start the ignition.
All this was done with relative ease, as explained by Curry in a video and blog release. The Japanese car brand will be concerned by reports that the moves can be performed using any computer or smartphone, while the hacker stated he was able to access the Subaru portal by hijacking an employee’s account with a simple password reset.
Once inside the system, millions of Subaru vehicles could be accessed remotely by using a customer’s name, registration number, and zip code. It was also claimed that up to one year’s location data from Curry’s mother’s car could be extracted, providing very precise details of places visited and where the vehicle was parked.
Curry said his mother’s exact parking space at church was clearly mapped.
Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can. https://t.co/734BOiSjuY
— WIRED (@WIRED) January 26, 2025
Security vulnerability present in various other vehicle brands

There will be concern from Subaru’s customer base at what this incident could mean for their vehicle and their personal data, while others will query why the company is collecting extensive location data.
Subaru has insisted this is required to allow staff to assist with emergencies as well as for theft-tracking, and on the wider issue, it immediately got to work to fix and patch the system vulnerability.
The hackers have intimated that the flaw is not confined to Subaru vehicles, with similar bugs present in the web systems of other brands such as Honda, Hyundai, Kia, Toyota, and several others.
The post Hackers identify security flaw in Subaru web portal, enabling remote access appeared first on ReadWrite.