Subaru Starlink infotainment system compromised by security flaw

ATI News Team

Researchers uncovered a flaw allowing unauthorized access to personal data and vehicle control in Subaru's system, affecting users globally

The Subaru Starlink infotainment system came under scrutiny after researchers, including Sam Curry and Shubham Shah, identified a security vulnerability in it. The system is designed to offer remote functionalities that are accessible only to Subaru employees via an admin portal. The researchers reset an employee's password and bypassed two-factor authentication by manipulating the client-side overlay, gaining unauthorized access to the panel. This breach allowed them to view sensitive vehicle information, such as historical location data and VINs, along with personal customer details like last names, ZIP codes, phone numbers, email addresses, and billing information.
