Japanese automaker Subaru has closed a security hole in the brand's Starlink service that allowed millions of vehicles to be tracked and monitored.
Millions of Subaru cars have been tracked for up to a year due to a flaw in the automaker's security system. Tracked via a vulnerability in their Starlink system, which gives access to the cars' GPS data.
A new security flaw has been uncovered in Subaru's connected cloud service, Starlink. The system, used in the US, Canada and Japan, has a vulnerability that could potentially allow unauthorized individuals to access sensitive information.
This is what Wired writes.
Cybersecurity researcher Sam Curry and his team uncovered the flaw that allowed them to track millions of Subaru cars. The team was able to see the cars' precise GPS locations going back at least a year. They were also able to unlock and start the cars.
Subaru responded quickly to the vulnerability alert and patched it within 24 hours, but Subaru employees can still track individual cars via a web-based management panel.
Subaru confirms that employees have access to the cars' location data. They explain that the data is used, among other things, to send addresses to emergency services in the event of an accident. According to Subaru, employees undergo special training to handle this data.
However, Sam Curry questions whether it is even necessary to store a car's route for an entire year to tell where it is now.
Tracking cars and monitoring drivers in general is a topic of much debate. It has recently been revealed how Tesla is extensively monitoring all of its vehicles. Read more about it here .
And last year, a Swedish cybersecurity expert warned drivers against sharing secrets in any newer Volvo. The Chinese brand is subject to a strict so-called security law that means the communist regime in Beijing can access drivers' data at any time, even if the cars are driving outside China.
