Subaru encountered web vulnerabilities in its Starlink service that could potentially allow unauthorized access to customer accounts and tracking of customer movements. Researchers Shah and Curry identified the flaw, which Subaru promptly patched. While no customer information was compromised, the incident highlighted a significant privacy concern as the employees of Subaru could access a customer's location history. Subaru confirmed that access to this data is for relevant employees only, protected by privacy and security training, and NDA agreements. Despite quick resolution, the situation raises questions about data privacy and the security of web tools in the automotive industry.
Source: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
"id": "sub000012425",
"linkid": "subaru-of-america",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"