Hackers have exploited a vulnerability in Subaru’s connected car system, Starlink, accessing location history data for vehicles. Researchers Sam Curry and Shubham Shah discovered the flaw by analyzing how employees could reset their account passwords without confirmation. They gained access to an admin panel that allowed tracking of vehicle location pings over the past year. With this, they could potentially monitor cars for insurance purposes or tow them if needed. The vulnerability was fixed within 24 hours after being reported back in November. While the fix is quick, there may be more unknown vulnerabilities in similar connected car systems.
Source: https://jalopnik.com/hackers-crack-subarus-connected-services-to-access-loca-1851746393