Sam Carry’s security researcher decided to check how safe the Subaru car, which he bought his mother, is. About a year ago, he agreed with her that in the future he would study the possibilities of hacker intervention in the machine system. This opportunity appeared in November, when Curry, together with his colleague Shubham Shah, began to analyze the Internet functions of Subaru Impreza 2023.
Curry and Shah found vulnerabilities in the Subaru web portal, which allowed them to remotely control the functions of the car, such as unlocking doors, alarm. , ignition and even tracking the location of the machine. Moreover, researchers were able to access the whole year of historical data on the movement of the car, including visited addresses, doctors, friends and even the exact place in the parking lot at the church.
Vulnerability concerned the Starlink system, which is used in Subaru cars in the USA, Canada and Japan. Hackers could reassign the functions of any car connected to Starlink, just using web tools for Subaru employees. After the company notification in November, Subaru quickly eliminated problems, but researchers warn: similar vulnerabilities are present among other automakers.