Security researchers discovered major vulnerabilities in Subaru's web portal, enabling hacks that allowed remote access to vehicles and tracking of their location history for over a year. This alarming discovery, made by Sam Curry and Shubham Shah, exposed potential risks not just for the car's controlling features but also for personal privacy. They identified that malicious actors could exploit these weaknesses to track individuals' movements and habits, posing significant security risks for Subaru vehicle owners globally. Their findings highlight urgent security concerns regarding connected vehicles and associated digital platforms.
You can retrieve at least a year's worth of location history for the car, where it's pinged precisely, sometimes multiple times a day.
There are a million scenarios where you could weaponize this against someone.
Curry and Shah today revealed in a blog post their method for hacking and tracking millions of Subarus.
The vulnerabilities they found in a Subaru website...allowed them to hijack an employee's account.
Collection
[
|
...
]