Hacker Exposes Subaru Security Vulnerability

A pair of hackers claim to have discovered a security vulnerability in Subaru models fitted with Starlink technology – potentially allowing the vehicles to be located, unlocked, and started remotely.

According to the report from Sam Curry, attackers could find the location of a Subaru and access its features by simply knowing the owner’s surname and postcode, email address, phone number, or number plate.

The vulnerability was reported to Subaru, who patched the affected system within 24 hours.

It’s believed the security weakness only applied to Subaru vehicles located in the United States, Canada, and Japan.

A spokesperson for Subaru Australia confirmed Starlink is not enabled in local models.

{{AD}}

‍

Subar’s Starlink technology incorporates infotainment, safety, and security features in the car – including the ability for the car to notify the owner if it’s involved in an accident, and allowing the owner to access vehicle features through a smartphone app.

As well as being able to locate, start, stop, unlock, and lock cars remotely, the 'White Hat' hackers – another name for ethical computer security experts – say they could retrieve the vehicle’s complete history from the past 12 months, with accuracy to within five metres.

Gaining access to the system also allowed them to retrieve personal information on the owner, including their address, emergency contacts, and other miscellaneous data such as the vehicle’s mileage, sales history, previous owners, and whether they had phone Subaru’s support line.

In recent years, authorities in the US and UK have raised concerns about the potential for imported vehicles to be disabled remotely by adversarial foreign governments if a conflict arose.