Cybersecurity Experts Warn of Privacy Risks in Modern Automobiles
A pair of hackers, Sam Curry and Shubham Shah, have exposed alarming security vulnerabilities within Subaru’s Starlink-connected infotainment system, enabling them to remotely take control of a Subaru Impreza. The duo gained unauthorized access to the vehicle through a compromised web portal linked to Subaru that allowed them to unlock the car, sound the horn, and start the ignition using any smartphone or computer.
Curry elaborated on their methods in a video and blog post, revealing that he simply reset the password of a Subaru employee’s account, thereby accessing a repository of location data that dated back over a year. The hackers noted that this data included precise records of the vehicle’s movements, down to specific parking spots. Subaru acknowledged the breach and stated that it has since patched the vulnerability, emphasizing its need to collect location data to assist in emergencies and vehicle recovery.
However, Curry and experts in the hacking community argue that automotive manufacturers have little justification for collecting extensive historical location data. They warn that the vulnerabilities they exploited are not exclusive to Subaru, claiming similar flaws exist in the systems of brands like Acura, Honda, Hyundai, Toyota, and more.
Meanwhile, cybersecurity concerns aren’t limited to Subaru. Security researchers from Kaspersky recently identified 13 critical vulnerabilities within Mercedes-Benz’s MBUX infotainment system, capable of allowing hackers to steal data and disable anti-theft protections if they can access the vehicle physically. Although Mercedes-Benz responded that it had patched these vulnerabilities since 2022, concerns remain about the security risks posed by modern connected vehicles.
The growing consensus among cybersecurity experts is clear: modern automobiles pose significant privacy and security threats. A recent Mozilla report emphasized that many cars are “a privacy nightmare,” collecting excessive data without informed consent from users and raising alarms about the potential for hackers to exploit these vehicles.
RECOMMENDED NEWS
Apple's rules to allow third-party app stores in the EU are not beneficial for users or developers
Apple has announced its plans to allow side-loading and third-party app stores in the European Unio...
Microsoft releases the December 2024 security updates for Windows
Welcome to the last Windows security updates overview of 2024. Microsoft released security updates ...
Microsoft confirms it will not lower Windows 11 system requirements
Microsoft has confirmed that the Windows 11 system requirements are not changing. Windows 10 users ...
Nvidia Confirms Manufacturing Flaw in Early RTX 5080 Graphics Cards
Nvidia has officially confirmed that its RTX 5080 graphics card is also affected by the same rare m...
WWDC25 to feature online sessions and in-person events at Apple Park
Apple has announced that its annual Worldwide Developers Conference (WWDC) will take place from Jun...
Google announces extended repair program for Pixel 7a
Google has confirmed that certain models of the Pixel 7a are affected by a battery issue. A support...
Comments on "Cybersecurity Experts Warn of Privacy Risks in Modern Automobiles" :