Subaru Starlink: Difference between revisions

Line 16:

Inside the admin portal any employee had access to a range of personal information, largely comprised of the personal information listed below. Additionally the employee the hacker had login as had level 2 access allowing them to remotely lock, unlock, honk, issue speeding warnings and more which they demonstrated on their own and a friend's Subaru car.

The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01<ref>https://samcurry.net/hacking-subaru -

The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |access-date=2025-02-19 |website=samcurry.net}}</ref>

~~samcurry.net - acessed~~ 2025-02-19</ref>

==Data collection==

===Types of data collected===

Subaru’s privacy policy and STARLINK terms of service specify that the following data may be collected:<ref name="SubaruPrivacy">[https://www.subaru.com/support/privacy-policies.html ~~Subaru Privacy Policy]~~ - ~~subaru.com - accessed~~ 2025-01-16</ref>

Subaru’s privacy policy and STARLINK terms of service specify that the following data may be collected:<ref name="SubaruPrivacy">{{Cite web |date= |title=Subaru Privacy Policy |url=https://www.subaru.com/support/privacy-policies.html |access-date=2025-01-16 |website=subaru.com}}</ref>

*'''Personal information'''

Line 44:

Line 42:

===Collection methods===

Data collection is performed through:

*Vehicle sensors and diagnostic modules.<ref name="MozillaReview">[https://foundation.mozilla.org/en/privacynotincluded/subaru/ ~~"Mozilla Foundation Privacy Review: Subaru"]~~ - foundation.mozilla.org ~~- accessed 2025-01-16~~</ref>

*Vehicle sensors and diagnostic modules.<ref name="MozillaReview">{{Cite web |last=Mozilla Research |first= |date=15 Aug 2023 |title=Mozilla Foundation Privacy Review: Subaru |url=https://foundation.mozilla.org/en/privacynotincluded/subaru/ |access-date=2025-01-16 |website=foundation.mozilla.org}}</ref>

*GPS tracking systems.

*Cellular-connectivity modules.

Line 52:

Line 50:

===Third-party data sharing===

Subaru shares data with several entities, including:

*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">[https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation ~~"Vehicle Data Collection Lawsuit"]~~ - ~~torquenews.com - accessed~~ 2025-01-16</ref><ref name="NYT">[https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html ~~"Automakers Are Sharing Drivers’ Data"]~~- ~~nytimes.com - accessed~~ 2025-01-16</ref>

*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |access-date=2025-01-16 |website=nytimes.com}}</ref>

*Insurance companies for risk assessment and pricing.<ref name="TorqueNews" />

*Marketing firms.

Line 75:

Line 73:

*Submitting detailed personal information.

*Potentially long response times.

*No verification mechanism for successful opt-out.<ref name="ConsumerForum">[https://www.subaruoutback.org/threads/privacy-not-included-subaru-report-connected-services-etc.556583/ ~~"Privacy Report Discussion"] - subaruoutback.org~~ - ~~accessed~~ 2025-01-16</ref>

*No verification mechanism for successful opt-out.<ref name="ConsumerForum">{{Cite web |date=26 Jan 2025 |title=Privacy Report Discussion |url=https://www.subaruoutback.org/threads/privacy-not-included-subaru-report-connected-services-etc.556583/ |access-date=2025-01-16 |website=subaruoutback.org}}</ref>

===Legal challenges===

Line 88:

Line 86:

*Embedded telematics devices.

*4G LTE cellular networks.

*GPS receivers and cloud-based data-processing systems.<ref name="StarlinkTerms">[https://www.subaru.com/support/terms-and-conditions/subaru-starlink/subaru-starlink-services.html ~~"Subaru STARLINK Terms and Conditions"] - subaru.com~~ - ~~accessed~~ 2025-01-16</ref>

*GPS receivers and cloud-based data-processing systems.<ref name="StarlinkTerms">{{Cite web |title=Subaru STARLINK Terms and Conditions |url=https://www.subaru.com/support/terms-and-conditions/subaru-starlink/subaru-starlink-services.html |access-date=2025-01-16 |website=subaru.com}}</ref>

===Data transmission===

Line 110:

Line 108:

[[Category:Automotive privacy]]

[[Category:Data ~~Collection~~]]

[[Category:Data collection]]

[[Category:Consumer rights]]

@@ Line 16: / Line 16: @@
 Inside the admin portal any employee had access to a range of personal information, largely comprised of the personal information listed below. Additionally the employee the hacker had login as had level 2 access allowing them to remotely lock, unlock, honk, issue speeding warnings and more which they demonstrated on their own and a friend's Subaru car.
-The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01<ref>https://samcurry.net/hacking-subaru -
+The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |access-date=2025-02-19 |website=samcurry.net}}</ref>
-samcurry.net - acessed 2025-02-19</ref>
 ==Data collection==
 ===Types of data collected===
-Subaru’s privacy policy and STARLINK terms of service specify that the following data may be collected:<ref name="SubaruPrivacy">[https://www.subaru.com/support/privacy-policies.html Subaru Privacy Policy] - subaru.com - accessed 2025-01-16</ref>
+Subaru’s privacy policy and STARLINK terms of service specify that the following data may be collected:<ref name="SubaruPrivacy">{{Cite web |date= |title=Subaru Privacy Policy |url=https://www.subaru.com/support/privacy-policies.html |access-date=2025-01-16 |website=subaru.com}}</ref>
 *'''Personal information'''
@@ Line 44: / Line 42: @@
 ===Collection methods===
 Data collection is performed through:
-*Vehicle sensors and diagnostic modules.<ref name="MozillaReview">[https://foundation.mozilla.org/en/privacynotincluded/subaru/ "Mozilla Foundation Privacy Review: Subaru"] - foundation.mozilla.org - accessed 2025-01-16</ref>
+*Vehicle sensors and diagnostic modules.<ref name="MozillaReview">{{Cite web |last=Mozilla Research |first= |date=15 Aug 2023 |title=Mozilla Foundation Privacy Review: Subaru |url=https://foundation.mozilla.org/en/privacynotincluded/subaru/ |access-date=2025-01-16 |website=foundation.mozilla.org}}</ref>
 *GPS tracking systems.
 *Cellular-connectivity modules.
@@ Line 52: / Line 50: @@
 ===Third-party data sharing===
 Subaru shares data with several entities, including:
-*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">[https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation "Vehicle Data Collection Lawsuit"] - torquenews.com - accessed 2025-01-16</ref><ref name="NYT">[https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html "Automakers Are Sharing Drivers’ Data"]-  nytimes.com - accessed 2025-01-16</ref>
+*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |access-date=2025-01-16 |website=nytimes.com}}</ref>
 *Insurance companies for risk assessment and pricing.<ref name="TorqueNews" />
 *Marketing firms.
@@ Line 75: / Line 73: @@
 *Submitting detailed personal information.
 *Potentially long response times.
-*No verification mechanism for successful opt-out.<ref name="ConsumerForum">[https://www.subaruoutback.org/threads/privacy-not-included-subaru-report-connected-services-etc.556583/ "Privacy Report Discussion"] - subaruoutback.org - accessed 2025-01-16</ref>
+*No verification mechanism for successful opt-out.<ref name="ConsumerForum">{{Cite web |date=26 Jan 2025 |title=Privacy Report Discussion |url=https://www.subaruoutback.org/threads/privacy-not-included-subaru-report-connected-services-etc.556583/ |access-date=2025-01-16 |website=subaruoutback.org}}</ref>
 ===Legal challenges===
@@ Line 88: / Line 86: @@
 *Embedded telematics devices.
 *4G LTE cellular networks.
-*GPS receivers and cloud-based data-processing systems.<ref name="StarlinkTerms">[https://www.subaru.com/support/terms-and-conditions/subaru-starlink/subaru-starlink-services.html "Subaru STARLINK Terms and Conditions"] - subaru.com - accessed 2025-01-16</ref>
+*GPS receivers and cloud-based data-processing systems.<ref name="StarlinkTerms">{{Cite web |title=Subaru STARLINK Terms and Conditions |url=https://www.subaru.com/support/terms-and-conditions/subaru-starlink/subaru-starlink-services.html |access-date=2025-01-16 |website=subaru.com}}</ref>
 ===Data transmission===
@@ Line 110: / Line 108: @@
 [[Category:Automotive privacy]]
-[[Category:Data Collection]]
+[[Category:Data collection]]
 [[Category:Consumer rights]]