Summary: A vulnerability in Subaru’s Starlink connected vehicle service allowed unauthorized access to customer accounts in the US, Canada, and Japan. Security researchers discovered that the admin panel could be accessed without proper authentication, enabling potential vehicle takeovers and access to sensitive customer information. Subaru addressed the security flaw within 24 hours of being notified by the researchers.
Threat Actor: Security Researchers | Sam Curry, Shubham Shah
Victim: Subaru | Subaru
Key points:
- Vulnerability allowed access to employee accounts without confirmation tokens.
- Researchers could remotely control vehicles and access sensitive customer data.
- Subaru fixed the vulnerability within 24 hours of being reported.
Source: https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/