Critical vulnerability in Subaru Starlink🚗
🔒 Researchers have discovered a problem in the Starlink service that allowed hackers to track and control cars based on their license plate number alone.🤔 #cybernews
Exploiting this vulnerability would have allowed:
remotely start or stop the engine, lock/unlock the doors and get the current location of the car;
track the history of the car’s movements for the last year with an accuracy of up to 5 meters;
access users’ personal information, including address, payment details, and vehicle PIN.
Subaru’s Starlink is an Internet-connected car service that provides convenient remote control and tracking of a vehicle. The vulnerability was linked to the “resetPassword.json” tool, which allowed access to the account through the administration panel, as it could change the password without confirmation.