Amber DaSilva reports:
If you own a modern Subaru, chances are you’ve heard of Starlink — the company’s connected services suite, which lets you control your car through an app or call roadside assistance to your location. That system, though, has other functionality that you might not know: Storing your car’s location history for the last year, and making that information available through an admin panel that until recently was left wide open for hackers.
Penetration testing team Sam Curry and Shubham Shah discovered a vulnerability in Starlink’s administrator console, which allowed hackers to compromise the accounts of Subaru employees and gain admin access to the system. With this, hackers could track a car’s Starlink location pings for the last year, as well as the typical Starlink app functionality: Locking, unlocking, geofencing, and more.
Read more at Jalopnik.