Subaru is under the microscope, but every car manufacturer does the same dumb shit these days.
Yeah, the article discusses it. It was unique here, though, that everyday Subaru employees have a way to see at least a year of location history for all customers, with no restrictions.
thanks for tracking me for my own safety, car brands, really preciate it.
Summary:
Security researchers Sam Curry and Shubham Shah identified critical vulnerabilities in Subaru’s web portal that allowed unauthorized access to vehicles’ internet-connected features. Through these flaws, they could remotely unlock doors, start the engine, and access detailed location histories spanning at least a year. These vulnerabilities potentially affected millions of Subaru vehicles equipped with the Starlink system in the U.S., Canada, and Japan. Upon being informed, Subaru promptly addressed and patched the issues. However, concerns remain about the extensive location data accessible to Subaru employees, highlighting broader privacy implications regarding the data modern vehicles collect.
Just tossing this on these threads at this point:
Subaru data opt-out page from the EFF:
No idea if they respect it, but it's a good idea regardless.
I am not a car owner, but think that if faced with something like this, I’d consult with forums and/or a reputable mechanic on how to remove the telematics unit altogether. Apparently it is easy on some cars.
For the Subarus, you have to take out the stereo head unit/screen and pull some wiring/module off of it.
It's apparently not terrible, but it’s a big ask for people who don’t deal with car audio/electrical on a regular basis.
Then I’d ask a mechanic that normally services it. The telematics are too much of a problem to not resolve.
Without the paywall https://archive.ph/JBe4A
Direct link to the write-up: https://samcurry.net/hacking-subaru
I’ll never stop downvoting these BS paywall posts. There’s almost always better source articles that are not paywalled too which makes me feel sad for the poor saps subscribing to these rags.
Andy Greenberg is a great security journalist and Wired is not a rag. It’s a legendary technology magazine with a lot of great coverage. Journalists deserve to get paid. The article has a lot of broader context and interviews with the security researchers, Subaru and other experts. Plus, it’s not even a hard paywall. Delete your cookies or find one of the myriad other ways to read it such as the link above. Or don’t. Your loss.
If you enjoy it by all means subscribe. It’s really nothing more than advertising though posting links to paywalled sites on social platforms when there are other alternatives. What percentage of people on here do you think subscribe to your favorite paywall site?
Good call, let’s discourage deep thought and long form discussion. More clickbait and exploitation please!