Subaru

Security researchers discovered web vulnerabilities in Subaru's Starlink service that allowed potential unauthorized access to customer accounts and tracking of customers' movements. While Subaru swiftly patched the flaw following the report, concerns persist about the access Subaru employees have to customer location data historically, which poses a privacy issue. Researchers were able to bypass security questions and gain control of Subaru Starlink developer accounts, leading to the possibility of manipulating vehicle features remotely.

Source: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

TPRM report: https://scoringcyber.rankiteo.com/company/subaru-of-america

"id": "sub000012725",
"linkid": "subaru-of-america",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Automotive',
                        'name': 'Subaru',
                        'type': 'Corporation'}],
 'attack_vector': 'Exploitation of web vulnerabilities',
 'data_breach': {'type_of_data_compromised': ['Customer accounts',
                                              'Customer location data']},
 'description': 'Security researchers discovered web vulnerabilities in '
                "Subaru's Starlink service that allowed potential unauthorized "
                "access to customer accounts and tracking of customers' "
                'movements. While Subaru swiftly patched the flaw following '
                'the report, concerns persist about the access Subaru '
                'employees have to customer location data historically, which '
                'poses a privacy issue. Researchers were able to bypass '
                'security questions and gain control of Subaru Starlink '
                'developer accounts, leading to the possibility of '
                'manipulating vehicle features remotely.',
 'impact': {'data_compromised': ['Customer accounts', 'Customer location data'],
            'systems_affected': ['Subaru Starlink service',
                                 'Subaru Starlink developer accounts']},
 'motivation': 'Exposure of vulnerabilities',
 'post_incident_analysis': {'corrective_actions': ['Patching the flaw'],
                            'root_causes': ['Web vulnerabilities']},
 'response': {'remediation_measures': ['Patching the flaw']},
 'threat_actor': 'Security researchers',
 'title': 'Subaru Starlink Service Web Vulnerabilities',
 'type': 'Web Vulnerabilities',
 'vulnerability_exploited': "Web vulnerabilities in Subaru's Starlink service"}