Modern vehicles rely heavily on advanced computer systems and connectivity features to enhance user experience, but a recently discovered vulnerability in Subaru's Starlink connectivity suite has exposed a critical flaw. White hat security researchers successfully identified and exploited a security weakness that could leave vehicle data accessible to unauthorized individuals.
This issue pertains to Subaru's Starlink system, not to be confused with SpaceX's satellite internet service, and involves the in-vehicle multimedia technology designed to provide navigation, entertainment, and safety features.
Subaru Faces Security Breach in Starlink System
Security researchers Sam Curry and Shubham Shah have revealed a significant vulnerability in Subaru's Starlink connectivity suite, which could put vehicle owners and the automaker at risk of cyberattacks. According to a report by Engadget, the researchers demonstrated how the flaw allowed them to access data from a test vehicle belonging to the Japanese automaker.
By exploiting the vulnerability, the researchers were able to retrieve a year's worth of location data from the test vehicle. While the data did not pertain to an actual customer, Curry and Shah cautioned that similar attacks could potentially target real-world vehicle owners.
Fortunately, the issue was identified and reported to Subaru before malicious hackers could exploit it. Subaru promptly addressed the flaw by releasing a patch to secure its systems.
Read Also: Your GM Driving Data Will No Longer Be Sold After the FTC Caught and Blocked Them From Doing So
Starlink's Tracking Vulnerability Highlighted
Curry and Shah explained that they gained unauthorized access by compromising an employee web portal, which granted them entry into Subaru's vehicle database. This breach enabled them to connect to multiple vehicles through the Starlink system, exposing sensitive information such as customers' last names, email addresses, phone numbers, zip codes, and license plate numbers.
While the vulnerability has been resolved, the researchers' findings underscore the potential risks associated with connected car systems if left unchecked.
Broader Implications for Automotive Cybersecurity
The growing integration of technology in vehicles brings increased convenience for users but also poses new security challenges. A recent incident involving Hyundai demonstrated the potential risks, as a data breach in France exposed sensitive customer information.
Automakers routinely collect vast amounts of customer data, including personal details, payment information, and driving habits. Some companies reportedly share this data with advertisers and third parties, raising privacy concerns. Additionally, car dealerships and their software systems often store sensitive customer information, making them attractive targets for cybercriminals.
While Subaru's Starlink vulnerability was addressed proactively thanks to the efforts of Curry and Shah, the incident serves as a reminder of the importance of robust cybersecurity measures in the automotive industry. As connected car technologies continue to evolve, companies face mounting pressure to protect their customers' data from potential threats.
