23.01.2025 19:36 Uhr, Quelle: Engadget

Subaru’s poor security left troves of vehicle data easily accessible

Subaru left open a gaping security flaw that, although patched, lays bare modern vehicles’ myriad privacy issues. Security researchers Sam Curry and Shubham Shah reported their findings (via Wired) about an easily hacked employee web portal. After gaining access, they were able to remotely control a test vehicle and view a year’s worth of location data. They warn that Subaru is far from alone in having lax security around vehicle data. After the security analysts notified Subaru, the company quickly patched the exploit. Fortunately, the researchers say less-than-ethical hackers hadn’t breached it before then. But they say authorized Subaru employees can still access owners’ location history with only a single piece of the following information: the owner’s last name, zip code, email address, phone number or license plate. Engadget emailed Subaru for comment, and we’ll update this story if we hear back. The hacked admin portal was part of Subaru’s Starlink suite of con

Weiterlesen bei Engadget