Security researcher Sam Curry found a security flaw in the always connected Starlink system integrated into Subaru cars. It allows bad actors to obtain drivers’ personal information include VINs, location history, the odometer, and personal owner information, including customer names, phone numbers, and email addresses.

Using the obtained data, the hackers could proceed to the next phase of the attack and use the access to Starlink servers to create new administrator accounts to a connected vehicle. Doing this granted the attacker full access to remote control features, meaning that a bad actor would have obtained permission to start a connected Subaru car, lock and unlock it, and see where it was in real-time.

Articles:

• https://www.autoevolution.com/news/hackers-found-a-way-to-control-subaru-cars-over-the-internet-without-drivers-even-knowing-246128.html