Subaru Starlink: Difference between revisions
TasmanianRex (talk | contribs) |
mNo edit summary |
Line 8: | Line 8: | ||
}} | }} | ||
== | ==Consumer impact summary== | ||
{{Ph-C-CIS}} | |||
Starlink is a connectivity service equipped on most modern Subaru vehicles, enabling extensive data collection from the vehicle and its occupants. The service has faced significant criticism and legal challenges over privacy concerns related to its data-collection and -sharing practices.<ref name="MozillaReview" /> | Starlink is a connectivity service equipped on most modern Subaru vehicles, enabling extensive data collection from the vehicle and its occupants. The service has faced significant criticism and legal challenges over privacy concerns related to its data-collection and -sharing practices.<ref name="MozillaReview" /> | ||
== | ===Starlink app exploit (''2025'')=== | ||
The exploit was achieved by intercepting the Starlink app's network requests which revealed the admin portal login screen. Using the "Reset password" feature of the admin portal which was hidden with javascript the hacker found an employee email off linkedin and successfully managed to login to the admin portal. Although implementing 2FA this too was entirely client-side and the modal window blocking further interaction without verification could also be hidden with javascript. | The exploit was achieved by intercepting the Starlink app's network requests which revealed the admin portal login screen. Using the "Reset password" feature of the admin portal which was hidden with javascript the hacker found an employee email off linkedin and successfully managed to login to the admin portal. Although implementing 2FA this too was entirely client-side and the modal window blocking further interaction without verification could also be hidden with javascript. | ||
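Review bot: the paragraph under the new "Starlink app exploit" heading has no <ref>, while the summary paragraph above it cites <ref name="MozillaReview" />; the password-reset and client-side 2FA claims need a source attached before this section gets its own heading. The wording also needs a pass while the section is being touched: the second sentence reads as if the "Reset password" feature was used to find the employee email, and "Although implementing 2FA" has no subject, so it is unclear that the admin portal is meant. Suggest splitting it into separate sentences (email found on LinkedIn, then the reset feature used, then the 2FA modal hidden), saying explicitly that the 2FA check was enforced only in the browser, and fixing "javascript", "linkedin" and "login to" to "JavaScript", "LinkedIn" and "log in to".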
Line 107: | Line 108: | ||
<references /> | <references /> | ||
[[Category: | [[Category:{{PAGENAME}}]] | ||
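Review bot: [[Category:{{PAGENAME}}]] on the last line ties the category name to the page title, so a page move would change the category without any edit to this line. If the category is meant to stay fixed, write the category name out literally; if the coupling is intended, say so in the edit summary, which currently reads "No edit summary".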