The security vulnerability in Subaru made millions of vehicles a target

Forum

The security vulnerability in Subaru made millions of vehicles a target

By admin, Ocak 26, 2025

The security vulnerability in Subaru made millions of vehicles a target





The security vulnerability in Subaru made millions of vehicles a target



See in full size


Security researchers, Subaru’nun Starlink the serious security deficits they have detected in the system millions of your vehicle He showed that it could allow it to be hacked and watched remotely. These deficits contain many risks, from controlling vehicles to detailed tracking of users’ sensitive location information.

Open from vehicle control to location information

The event is a 2023 model for security researcher Sam Curry’s mother. Subaru iMPREZA It was revealed that the purchase and started to examine the vehicle -related features of the vehicle. Curry and researcher partner Shubham Shah, Opening the door lock, horn playing ve bachelor operating They discovered that they could seize the control of various vehicle functions such as. But what was even more worried was that the detailed position history of the vehicles could be accessed. Researchers, that at least one year of position history can be taken indicates.




The security vulnerability in Subaru made millions of vehicles a target



See in full size


Researchers, Subaru’s SubaruCS.com A password reset deficit on the employee portal. They were able to start a password reset process by estimating the e-mail addresses of the employees. Worse, the verification of the safety questions was not made on the subaru servers, but on a code that was run in the browser of the users. This design error allowed them to easily overcome security questions.




The security vulnerability in Subaru made millions of vehicles a target



See in full size


Researchers who have reached the e-mail address of a Subaru Starlink developer via LinkedIn and obtained their account, thus provided access to many sensitive information and control authority in the system. Researchers, vehicle owners Isim, Plaka, E-POST or phone number He said that it can be easily questioned with information such as. They were also able to reconstruct the stars of the vehicles as well as their control. This included the ability to unlock the cars remotely, to play horn, to run contacts and to locate the vehicles.

Subaru closed the gaps

Researchers, shortly after reporting their findings to Subaru at the end of November, He closed the security gaps quickly. Subaru officials said that access to employees’ location information was performed only by certain situations (such as accidents) and by trained people. The company also has location information that it does not sell to third parties explained.

This event once again revealed the increasing security risks in connected vehicle technologies. Curry and his team had previously identified similar deficits in many manufacturers such as Honda, Hyundai, Toyota and Kia. A report published by Mozilla Foundation revealed that 92 percent of the manufacturers in the automotive industry did not give their users the right to check on the data collected and that 84 percent reserves the right to share or sell this data.

























Etiketler: , , , , ,
Araç çubuğuna atla