- Two hackers demonstrated serious security flaws in a 2023 Subaru Impreza
- Vulnerabilities in a Subaru web portal gave the pair remote access
- Similar problems could affect a number of major automotive brands
A pair of hackers have revealed how they took remote control of a Subaru Impreza, thanks to a serious security flaw in the infotainment system connected to Subaru Starlink.
Sam Curry and Shubham Shah (the latter working remotely) managed to start its ignition from any smartphone or computer they chose, according to a Wired report.
Curry revealed his tactics in a video and a lengthy blog post, which went into detail on how he could get into the web portal and hijack a Subaru employee's account simply by resetting a password, which would then allow him to remotely access millions of Subaru vehicles using a customer's name, registration number or postal code.
The prolific hacker states that it was possible The Church. .
Subaru states that once the pair had notified the company, it started working to fix and patch the vulnerability in its employee portal, adding that it is important for the company to collect location data so that its employees can assist in emergencies and help track stolen vehicles.
However, Curry and the broader hacking community say there is little need for manufacturers to collect customer location data. In addition, he believes that this type of web vulnerability is not limited to Subaru: there are equally serious hackable flaws in Acura, Genesis, Honda, Hyundai, Infiniti, Kia, Toyota and many others.
Analysis: The connected car is a data privacy nightmare
Earlier this week, Kaspersky's security researchers published a report revealing that the team had found 13 vulnerabilities in the first-generation Mercedes-Benz User Experience (MBUX) infotainment system.
These flaws would allow hackers to steal data and disable anti-theft protections if they could obtain physical access to the vehicle. Mercedes-Benz said it had been aware of Kaspersky's findings since 2022 and that the vulnerabilities had been fixed.
In addition, the German company pointed out that the head unit of its infotainment system had to be removed and opened for a hack to succeed, which makes it a little less worrying than the problems encountered with Subaru vehicles.
That said, many industry and cybersecurity experts have long warned that the modern connected car represents a serious security risk, with Mozilla going so far as to say that “modern cars are a privacy nightmare” in a report published in 2023.
Mozilla found that many cars collect more data than they need, that it is almost impossible for users to opt out of that collection, and that the information is then sold to third parties without the user knowing.
In addition to being a massive invasion of privacy, vehicles equipped with cameras, microphones and a constant internet connection now offer a large number of ways for would-be hackers to obtain remote access.
Automobile manufacturers are clearly aware of this and many have created independent software divisions to help deal with the threat, but it is clear that there is still work to be done.