Concerns about car connectivity security have been raised after a pair of hackers revealed how they remotely took control of a Subaru Impreza, thanks to a serious security flaw in Subaru’s Starlink-connected infotainment system.
Sam Curry and Shubham Shah (the latter was working remotely) managed to leverage vulnerabilities in a Subaru web portal that allowed the pair to take control of Curry’s mother’s vehicle, including the ability to unlock the car, honk its horn and start its ignition with any smartphone or computer they chose, according to a report by Wired.
Curry revealed his tactics in a video and a lengthy blog post, which went into detail about how he was able to enter said web portal and hijack a Subaru employee’s account by simply resetting a password, which would then allow him to tap into millions of Subaru vehicles remotely with a customer’s name, registration number, or zip code, reports Techradar.
The prolific hacker claims that it was possible to retrieve at least a year’s worth of location history from his mother’s car, including accurately mapped details of exactly where she had been, down to the exact parking space his mother parked in every time she went to church.
Pic: Subaru
