Breach cyber

Subaru

Jan 27, 2025 1 min read
Subaru

Security researchers discovered web vulnerabilities in Subaru's Starlink service that allowed potential unauthorized access to customer accounts and tracking of customers' movements. While Subaru swiftly patched the flaw following the report, concerns persist about the access Subaru employees have to customer location data historically, which poses a privacy issue. Researchers were able to bypass security questions and gain control of Subaru Starlink developer accounts, leading to the possibility of manipulating vehicle features remotely.

Source: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

TPRM report: https://scoringcyber.rankiteo.com/company/subaru-of-america

"id": "sub000012725",
"linkid": "subaru-of-america",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Automotive',
                        'name': 'Subaru',
                        'type': 'Corporation'}],
 'attack_vector': 'Exploitation of web vulnerabilities',
 'data_breach': {'type_of_data_compromised': ['Customer accounts',
                                              'Customer location data']},
 'description': 'Security researchers discovered web vulnerabilities in '
                "Subaru's Starlink service that allowed potential unauthorized "
                "access to customer accounts and tracking of customers' "
                'movements. While Subaru swiftly patched the flaw following '
                'the report, concerns persist about the access Subaru '
                'employees have to customer location data historically, which '
                'poses a privacy issue. Researchers were able to bypass '
                'security questions and gain control of Subaru Starlink '
                'developer accounts, leading to the possibility of '
                'manipulating vehicle features remotely.',
 'impact': {'data_compromised': ['Customer accounts', 'Customer location data'],
            'systems_affected': ['Subaru Starlink service',
                                 'Subaru Starlink developer accounts']},
 'motivation': 'Exposure of vulnerabilities',
 'post_incident_analysis': {'corrective_actions': ['Patching the flaw'],
                            'root_causes': ['Web vulnerabilities']},
 'response': {'remediation_measures': ['Patching the flaw']},
 'threat_actor': 'Security researchers',
 'title': 'Subaru Starlink Service Web Vulnerabilities',
 'type': 'Web Vulnerabilities',
 'vulnerability_exploited': "Web vulnerabilities in Subaru's Starlink service"}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Dansons

public 1 min read
The breach involved unauthorized access to customer payment information, affecting 19 New Hampshire residents. The compromised information included names, addresses,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.