Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A year ago, two security researchers discovered vulnerabilities in Subaru’s web portal that allowed them to hijack car controls and track driver location data. Wire report.
Subaru patched the vulnerabilities after researchers Sam Curry and Shubham Shah reported their findings to the Japanese automaker. But the two warn that finding and fixing security flaws in cars with connected technology only adds to the wider security issue.
In this study, researchers hacked a test car through a web portal for employees, which allowed them to not only start the car remotely, but also track the car’s location in real-time and see a year’s worth of location. data.
“There are a million scenarios where you can weaponize that against someone if they’re cheating on their wife, having an abortion, or being part of some political group,” Curry told Wired.
As long as employees have access to such information, it is vulnerable to evolving methods of hacking.
The researchers also noted that this is an industry-wide problem. The same web-based flaws affect other automakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia and Toyota.
