Web vulnerabilities in Subaru's Starlink service could have allowed unauthorized access to customer accounts and tracking of customer movements. Researchers Shah and Curry identified the flaw, which Subaru promptly patched. No customer information was compromised, but the incident highlighted a significant privacy concern: Subaru employees could access a customer's location history. Subaru confirmed that access to this data is limited to relevant employees and is protected by privacy and security training and NDAs. Despite the quick resolution, the situation raises questions about data privacy and the security of web tools in the automotive industry.
Source: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
TPRM report: https://scoringcyber.rankiteo.com/company/subaru-of-america
"id": "sub000012425",
"linkid": "subaru-of-america",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Automotive',
'name': 'Subaru',
'type': 'Corporation'}],
'attack_vector': 'Unauthorized Access',
'description': 'Subaru encountered web vulnerabilities in its Starlink '
'service that could potentially allow unauthorized access to '
'customer accounts and tracking of customer movements. '
'Researchers Shah and Curry identified the flaw, which Subaru '
'promptly patched. While no customer information was '
'compromised, the incident highlighted a significant privacy '
"concern as the employees of Subaru could access a customer's "
'location history. Subaru confirmed that access to this data '
'is for relevant employees only, protected by privacy and '
'security training, and NDA agreements. Despite quick '
'resolution, the situation raises questions about data privacy '
'and the security of web tools in the automotive industry.',
'impact': {'systems_affected': ['Starlink Service']},
'lessons_learned': 'The incident highlighted the importance of data privacy '
'and the security of web tools in the automotive industry.',
'response': {'remediation_measures': ['Patched the vulnerability']},
'title': 'Subaru Starlink Service Web Vulnerabilities',
'type': 'Web Vulnerability',
'vulnerability_exploited': 'Web Vulnerabilities'}