Security researchers Sam Curry and Shubham Shah found vulnerabilities in a Subaru web portal that allowed them to hijack the ability to unlock a car, honk its horn, and start its ignition, handing control of those features to any phone or computer.
Moreover, they could track the Subaru's location for the entire year Curry's mother owned it, including precise location data multiple times a day.
Subaru quickly fixed the vulnerabilities in Starlink security after the researchers informed the company, but it remains unclear how far back Subaru keeps customers' location histories and makes them available to employees.
Car hacking and location tracking techniques like these are not unique to Subaru. In recent years, security researchers have found similar flaws in vehicles sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls-Royce, and Toyota.
Subaru may have collected multiple years of location data, though Curry and Shah tested their technique only on the car of Curry's mother, who owned the Subaru for about a year.
This discovery by Curry and Shah highlights the lack of privacy safeguards around the car industry's growing collection of personal data, and the concerns over the enormous amount of location data that car companies collect.
The researchers warn that similarly serious hackable bugs exist in other auto companies' web tools that have yet to be discovered.
On their own, the vulnerabilities the researchers discovered present serious theft and safety risks for drivers.
The enormous amount of location data that car companies collect is a growing concern, one highlighted by a report from privacy researchers at the Mozilla Foundation in September.
The vulnerabilities in Subaru's web portal hinted at how pervasively those with access to the portal can track the company's customers' movements.