Security researchers discovered a major vulnerability in Subaru's employee portal, allowing them remote access to a vehicle, revealing sensitive location data. The flaw emerged from poor security practices, with unauthorized access possible through trivial means such as email and basic personal info. Subaru patched the exploit, but issues persist, as some employee access remains unchanged. The researchers emphasized that Subaru is representative of a larger problem regarding privacy in modern vehicles, with the potential for exploitations far beyond their tests. The incident underscores the importance of robust security measures in automotive technology.
Security researchers Sam Curry and Shubham Shah found a security flaw in Subaru's employee portal that allowed remote access to vehicle controls and location data.
The vulnerability let them remotely control a test vehicle and access a year’s worth of precise location data, raising concerns about vehicle privacy.
The ease with which they accessed sensitive data highlights the broader issue of lax security in modern vehicles and their connectivity features.
Subaru quickly patched the exploit following notification from the researchers, but issues remain with employee access to location history.
Collection
[
|
...
]