
Hackers identify security flaw in Subaru web portal, enabling remote access

A troubling security flaw has been identified in Subaru’s Starlink-connected infotainment deck after hackers remotely took control of a Subaru Impreza. 

In this instance, the two hackers raised the alarm rather than inflicting any damage, as the vehicle they accessed belonged to a relative.

As reported by Wired, Sam Curry and Shubham Shah were able to take advantage of vulnerabilities in a Subaru web portal that allowed them to take over Curry’s mother’s Impreza.

With Shah working remotely, the pair were able to unlock the car, sound the horn, and crucially, start the ignition.

All this was done with relative ease, as explained by Curry in a video and blog release. The Japanese car brand will be concerned by reports that these actions can be performed from any computer or smartphone, while the hacker stated he was able to access the Subaru portal by hijacking an employee’s account with a simple password reset.

Once inside the system, millions of Subaru vehicles could be accessed remotely by using a customer’s name, registration number, and zip code. It was also claimed that up to one year’s location data from Curry’s mother’s car could be extracted, providing very precise details of places visited and where the vehicle was parked.

Curry said his mother’s exact parking space at church was clearly mapped.

Security vulnerability present in various other vehicle brands

Subaru’s customer base will be concerned about what this incident could mean for their vehicles and their personal data, while others will query why the company is collecting extensive location data.

Subaru has insisted this is required to allow staff to assist with emergencies as well as for theft-tracking, and on the wider issue, it immediately got to work to fix and patch the system vulnerability.

The hackers have intimated that the flaw is not confined to Subaru vehicles, with similar bugs present in the web systems of other brands such as Honda, Hyundai, Kia, Toyota, and several others.

Graeme Hanna
Tech Journalist
