A year ago, two security researchers discovered a vulnerability in Subaru’s web portal that could take control of the car and track the driver’s location data, Wired reported.
Subaru fixed the vulnerability after researchers Sam Curry and Shubham Shah reported their findings to the Japanese automaker. But they warn that finding and fixing security flaws in cars equipped with connected technology is merely putting a band-aid on a more widespread security problem.
Researchers in this case hacked the test car through an employee web portal. This not only allowed us to start the car remotely, but also track the vehicle’s location in real time and see a year’s worth of location data. .
“There are millions of scenarios in which you could use this as a weapon against someone, whether it’s cheating on your wife, having an abortion, or being part of a political group,” Curry told Wired.
To the extent that employees have access to such data, that information becomes vulnerable to evolving hacking techniques.
The researchers also noted that this is an industry-wide problem. The same web-based flaw also affects other automakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, and Toyota.