For years, technology has made vehicles safer and more convenient. But as cars become more connected, concerns about data privacy and security have grown.
Many modern vehicles collect and transmit vast amounts of information, often without drivers fully understanding who has access to it. This has led to ongoing debates about cybersecurity risks in the auto industry.
Subaru recently addressed a major vulnerability in its Starlink system, which could have allowed unauthorized tracking of millions of vehicles.
Remotely Unlock and Start Vehicles
The flaw, discovered by cybersecurity researcher Sam Curry and his team, exposed the GPS locations of Subaru cars for up to a year. It also made it possible to remotely unlock and start affected vehicles.
The security issue impacted Subaru's connected services in the United States, Canada, and Japan.
Starlink is designed to provide safety features such as emergency response and remote access, but the flaw left vehicle data open to potential misuse, according to Boosted.
Once notified, Subaru acted quickly to resolve the issue, implementing a fix within 24 hours. The company confirmed that employees can still access location data for individual vehicles through a web-based platform.
This feature is primarily used to assist emergency services in locating vehicles after accidents. Subaru stated that its staff undergo special training to manage this sensitive information.
Curry questioned whether storing a year’s worth of location data is necessary. He raised concerns about how much personal information car manufacturers collect and how long they retain it.
The issue with Subaru’s system is part of a larger discussion about privacy in the automotive industry. Other manufacturers have faced similar concerns.
Tesla, for instance, has been criticized for extensive tracking of its vehicles, and cybersecurity experts have warned about data collection in cars produced by Chinese automakers.
