Technology

71537 readers

3689 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

172

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars (www.wired.com)

submitted 4 months ago by dantheclamman@lemmy.world to c/technology@lemmy.world

13 comments fedilink hide all child comments

all 17 comments

sorted by: hot top controversial new old

[–] WhatsHerBucket@lemmy.world 25 points 4 months ago

Summary:

Security researchers Sam Curry and Shubham Shah identified critical vulnerabilities in Subaru’s web portal that allowed unauthorized access to vehicles’ internet-connected features. Through these flaws, they could remotely unlock doors, start the engine, and access detailed location histories spanning at least a year. These vulnerabilities potentially affected millions of Subaru vehicles equipped with the Starlink system in the U.S., Canada, and Japan. Upon being informed, Subaru promptly addressed and patched the issues. However, concerns remain about the extensive location data accessible to Subaru employees, highlighting broader privacy implications regarding the data modern vehicles collect.

[–] mosiacmango@lemm.ee 24 points 4 months ago (1 children)

Just tossing this on these threads at this point:

Subaru data opt out page from the eff:

https://www.subaru.com/support/consumer-privacy.html

No idea if they respect it, but its a good idea regardless.

[+] EngineerGaming@feddit.nl 6 points 4 months ago* (last edited 3 weeks ago) (2 children)

[deleted]

[–] mosiacmango@lemm.ee 4 points 4 months ago* (last edited 4 months ago) (1 children)

For the Subaru's, you have to take out the stereo head unit/screen and pull some wiring/module off of it.

Its apparently not terrible, but it's a big ask for people who don't deal with car audio/electrical on a regular basis.

[–] PM_Your_Nudes_Please@lemmy.world 2 points 4 months ago

This is why so many cars have been moving towards a centralized control center, instead of individual knobs and buttons. For starters, plugging in a touchscreen is a lot faster and easier (and thus cheaper to mass produce) when compared to wiring harnesses for knobs and buttons. But the biggest reason is to make it virtually impossible to disable specific tracking/data collection features without totally destroying your car’s functionality. In many cars, if you disable the tracking stuff, you also disable the AC, radio, cruise control, etc… Because it’s all built into that single hub, and you can’t selectively disable certain parts without killing the whole thing.

[–] bokherif@lemmy.world 12 points 4 months ago (1 children)

Subaru is under the microscope, but every car manufacturer does the same dumb shit these days.

[–] dantheclamman@lemmy.world 5 points 4 months ago (1 children)

Yeah, the article discusses it. It was unique here, though, that everyday Subaru employees have a way to see at least a year of location history for all customers, with no restrictions

[–] PM_Your_Nudes_Please@lemmy.world 3 points 4 months ago* (last edited 4 months ago)

Yeah, this is a nightmare scenario for an abuse victim. Imagine if your partner works at Subaru, you got your car through them, and now you’re trying to escape them.

[–] terraborra@lemmy.nz 12 points 4 months ago (2 children)

Without the paywall https://archive.ph/JBe4A

[–] MondayToFriday@lemmy.ca 11 points 4 months ago

Direct link to the write-up: https://samcurry.net/hacking-subaru

[–] Imgonnatrythis@sh.itjust.works 0 points 4 months ago (1 children)

I'll never stop downvoting these BS paywall posts. There's almost always better source articles that are not paywalled too which makes me feel sad for the poor saps subscribing to these rags.

[–] dantheclamman@lemmy.world 5 points 4 months ago (1 children)

Andy Greenberg is a great security journalist and Wired is not a rag. It's a legendary technology magazine with a lot of great coverage. Journalists deserve to get paid. The article has a lot of broader context and interviews with the security researchers, Subaru and other experts. Plus, it's not even a hard paywall. Delete your cookies or find one of the myriad other ways to read it such as the link above. Or don't. Your loss

[–] Imgonnatrythis@sh.itjust.works -4 points 4 months ago (2 children)

If you enjoy it by all means subscribe. It's really nothing more than advertising though posting links to paywalled sites on social platforms when there are other alternatives. What percentage of people on here do you think subscriber to your favorite paywall site?

[–] ahal@lemmy.ca 1 points 4 months ago

Good call, let's discourage deep thought and long form discussion. More clickbait and exploitation please!