Vulnerability discovered in Subaru's connected vehicle service
Briefly

Recent research uncovered a vulnerability in Subaru's STARLINK connected vehicle service that allowed unauthorized access to user accounts and vehicles across the U.S., Canada, and Japan. By exploiting hardcoded credentials, attackers could retrieve vehicle locations, control functions like locking or starting, and access sensitive data. Experts highlight the reliance on outdated protocols, which exposes interconnected vehicles to further exploitation and raises concerns about privacy and safety in modern automotive technology.
Researchers Shubham Shah and Sam Curry identified hardcoded credentials within JavaScript files that allowed them to replace employee email addresses and reset passwords without confirmation.
The vulnerability highlights a broader issue with interconnected vehicles: they often rely on the outdated CAN bus protocol, which was designed in the 1980s without security in mind.
Read at Securitymagazine