Remote vehicle hacking likely with Subaru infotainment bug

SecurityWeek reports that all Subaru vehicles in the U.S., Canada, and Japan could be remotely hijacked in attacks exploiting a flaw in the Japanese automaker's Starlink infotainment system.

After entering valid employee emails to get into Starlink's admin panel, hosted on a subarucs.com subdomain, threat actors could perform password resets, remove the client-side overlay, and evade two-factor authentication to access the panel's features and view different types of customer and vehicle information, including names, vehicle identification numbers, and location details, according to cybersecurity researcher Sam Curry, who discovered the issue with researcher Shubham Shah.

Attackers could also take over vehicles stealthily and remotely by designating themselves as authorized users of the vehicle through the control panel, said Curry, who noted that Subaru had already addressed the issue within a day of it being reported in November. The finding comes after Curry discovered that millions of Kia vehicles were at risk of remote hacking through a vulnerability in Kia's owners' web portal.
