A year ago, two security researchers discovered vulnerabilities in a Subaru web portal that allowed car controls and driver location information to be tracked. Wired report.
After researchers Sam Curry and Shubham Shah presented their findings to the Japanese automaker, Subaru fixed the vulnerabilities. But he warns that finding and fixing security flaws in connected cars is a more pervasive security problem than Band-Aids.
In this case, the researchers hacked into the test car through a web portal for employees, allowing them to not only do things like start the car remotely, but also track the vehicle's location in real time and view the year's location. Data.
“Whether someone cheats on their wife and gets an abortion. Be it a part of some political organization or not. There are a million situations in which you can surrender to someone,” Curry told Wired.
As long as employees have access to such data, that information can evolve hacking methods.
The researchers also noted that this is an industry-wide problem. Similar web-based bugs Acura, Genesis Honda Hyundai Infiniti, It also affects other automakers such as Kia and Toyota.