
Subaru Starlink Security Flaw Exposes Risks of Connected Cars

 

As vehicles become increasingly connected to the internet, cybersecurity threats pose growing risks to drivers. A recent security flaw in Subaru’s Starlink system highlights the potential dangers, allowing hackers to remotely control vehicles and access sensitive data. This incident is part of a broader trend affecting the automotive industry, where weaknesses in connected car systems expose users to financial loss, privacy breaches, and safety concerns. 

Researchers found that with just a license plate number and basic owner details, attackers could exploit Subaru’s Starlink system to start or stop the car, lock or unlock doors, and track real-time locations. More alarmingly, hackers could extract personally identifiable information (PII), including billing details, emergency contacts, and historical location data accurate within five meters. The vulnerability stemmed from weak security in the Starlink admin portal, including an insecure password reset API and insufficient protection against two-factor authentication (2FA) bypass. 

Subaru quickly patched the issue within 24 hours of its discovery, but the incident underscores the risks associated with connected vehicles. This is not an isolated case. Other automakers have faced similar security lapses, such as a flaw in Kia’s dealer portal that allowed hackers to track and steal vehicles. Common security issues in connected car systems include weak authentication, improper encryption, centralized storage of sensitive data, and vulnerabilities in third-party integrations. Delayed responses from automakers further exacerbate these risks, leaving vehicles exposed for extended periods. 

Beyond direct system hacks, connected cars face a range of cybersecurity threats. Attackers could remotely hijack vehicle controls, steal onboard financial and personal data, or even deploy ransomware to disable vehicles. GPS spoofing could mislead drivers or facilitate vehicle theft, while compromised infotainment systems may leak personal details or spread malware.

While automakers must strengthen security measures, consumers can take steps to protect themselves. Regularly updating vehicle firmware and connected apps can help prevent exploits. Using multi-factor authentication (MFA) for connected car accounts and avoiding weak passwords add an extra layer of security. Limiting the amount of personal data linked to vehicle systems reduces exposure. Disabling unnecessary connectivity features, such as remote start or location tracking, also minimizes risk. Additional precautions include avoiding public Wi-Fi for accessing connected car systems, using a virtual private network (VPN) when necessary, and carefully vetting third-party apps before granting permissions. Traditional security tools like steering wheel locks and GPS trackers remain valuable backup measures against cyber threats.

As connected cars become more common, cybersecurity will play a crucial role in vehicle safety. Automakers must prioritize security by implementing robust encryption, strong authentication, and rapid vulnerability response. At the same time, consumers should stay informed and take proactive steps to safeguard their vehicles and personal data from evolving digital threats.

General Motors Ceases Sharing Driver Behavior Data with Data Brokers

 


General Motors announced on Friday that it had ceased sharing information on its customers' driving habits with two data brokers involved in creating risk assessments for insurance companies.

This decision came in response to a recent report by The New York Times revealing that General Motors had been sharing data on mileage, braking, acceleration, and speed of drivers with the insurance industry for several years. These data were collected through the OnStar Smart Driver feature in General Motors' internet-connected cars, often without the drivers' knowledge. This feature gathered driving data and offered feedback and digital rewards for safe driving.

Some drivers reported that their insurance premiums increased due to the shared data, which General Motors provided to two brokers, LexisNexis Risk Solutions and Verisk, who then sold it to insurance firms.

A spokesperson for General Motors, Malorie Lucich, stated via email that since Wednesday, they have halted the sharing of OnStar Smart Driver customer data with LexisNexis or Verisk. Lucich emphasized the company's commitment to customer trust and stated that they are actively reviewing their privacy procedures and policies.

In response to the situation, Romeo Chicco from Florida, whose insurance rates nearly doubled after his Cadillac's driving data was collected, filed a complaint seeking class-action status against General Motors, OnStar, and LexisNexis.

An internal document, examined by The New York Times, indicated that as of 2022, over eight million vehicles were enrolled in the Smart Driver program. A company insider revealed that the program's annual revenue was in the low millions of dollars.