Summary: Security researchers uncovered a critical vulnerability in Subaru’s Starlink service that could enable attackers to take over accounts and control vehicles using only a license plate. The flaw allowed unrestricted access to customer accounts and sensitive vehicle data, posing significant risks to Subaru owners in the U.S., Canada, and Japan. Fortunately, Subaru addressed the issue within 24 hours of being notified, and there is no evidence that it was exploited by malicious actors.
Threat Actor: Unknown | unknown
Victim: Subaru | Subaru
Keypoints :
- Vulnerability allowed attackers to remotely control vehicles and access sensitive customer data.
- Exploitation required only knowledge of the victim’s last name and ZIP code, email, phone number, or license plate.
- Subaru patched the vulnerability within 24 hours of the report, preventing potential exploitation.