Subaru STARLINK: a critical flaw in connected cars

📅 Jan 23, 2025
cybersécurité automobile
🚗💻 On November 20, 2024, researchers Shubham Shah and Samwcyo discovered a critical vulnerability in Subaru's STARLINK service.

What this flaw allowed

  • 🔓 Remote control: start, lock and unlock the vehicle.

  • 📍 Precise tracking: access to one year of driving history.

  • 📂 Personal data: contact details, addresses, and vehicle PIN.


    • All this could be done with just a last name and a postal code.

    Subaru’s response


  • Reported: November 20, 23:54 CST

  • Confirmation: November 21, 7:40 CST

  • Full fix: November 21, 16:00 CST

In less than 24 hours, the vulnerability was fixed ✅

A bigger question


While Subaru’s quick reaction is commendable, this case raises a broader question:

👉 Do we really need to connect every car and device to remote servers?

Connected tech brings comfort, but an offline car faces no cyber risks. Sometimes, physical separation remains the best security.

#Cybersecurity #ConnectedCars #STARLINK
← Back to articles