thanks for tracking me for my own safety, car brands, really preciate it.
Subaru is under the microscope, but every car manufacturer does the same dumb shit these days.
Yeah, the article discusses it. It was unique here, though, that everyday Subaru employees have a way to see at least a year of location history for all customers, with no restrictions
Yeah, this is a nightmare scenario for an abuse victim. Imagine if your partner works at Subaru, you got your car through them, and now you’re trying to escape them.
Just tossing this on these threads at this point:
Subaru data opt out page from the eff:
No idea if they respect it, but its a good idea regardless.
I am not a car owner, but think that if faced with something like this, I’d consult with forums and/or a reputable mechanic on how to remove the telematics unit altogether. Apparently it is easy on some cars.
On my 2019 Outback, I can kill this function by pulling the telematics fuse. But this also kills the front speakers. I need to look into disconnecting the antenna, but I’m a little unsure about removing the headliner to access the bottom of the antenna. Is there another way?
This is why so many cars have been moving towards a centralized control center, instead of individual knobs and buttons. For starters, plugging in a touchscreen is a lot faster and easier (and thus cheaper to mass produce) when compared to wiring harnesses for knobs and buttons. But the biggest reason is to make it virtually impossible to disable specific tracking/data collection features without totally destroying your car’s functionality. In many cars, if you disable the tracking stuff, you also disable the AC, radio, cruise control, etc… Because it’s all built into that single hub, and you can’t selectively disable certain parts without killing the whole thing.
For the Subaru’s, you have to take out the stereo head unit/screen and pull some wiring/module off of it.
Its apparently not terrible, but it’s a big ask for people who don’t deal with car audio/electrical on a regular basis.
Then I’d ask a mechanic that normally services it. The telematics are too much of a problem to not resolve.
Summary:
Security researchers Sam Curry and Shubham Shah identified critical vulnerabilities in Subaru’s web portal that allowed unauthorized access to vehicles’ internet-connected features. Through these flaws, they could remotely unlock doors, start the engine, and access detailed location histories spanning at least a year. These vulnerabilities potentially affected millions of Subaru vehicles equipped with the Starlink system in the U.S., Canada, and Japan. Upon being informed, Subaru promptly addressed and patched the issues. However, concerns remain about the extensive location data accessible to Subaru employees, highlighting broader privacy implications regarding the data modern vehicles collect.
Without the paywall https://archive.ph/JBe4A
Direct link to the write-up: https://samcurry.net/hacking-subaru
I’ll never stop downvoting these BS paywall posts. There’s almost always better source articles that are not paywalled too which makes me feel sad for the poor saps subscribing to these rags.
Andy Greenberg is a great security journalist and Wired is not a rag. It’s a legendary technology magazine with a lot of great coverage. Journalists deserve to get paid. The article has a lot of broader context and interviews with the security researchers, Subaru and other experts. Plus, it’s not even a hard paywall. Delete your cookies or find one of the myriad other ways to read it such as the link above. Or don’t. Your loss
If you enjoy it by all means subscribe. It’s really nothing more than advertising though posting links to paywalled sites on social platforms when there are other alternatives. What percentage of people on here do you think subscriber to your favorite paywall site?
Good call, let’s discourage deep thought and long form discussion. More clickbait and exploitation please!
deleted by creator
deleted by creator
