Subaru Starlink: Difference between revisions

Line 15:

===Obstructive advertising===

Since at least 23-05-25<ref name=":0">{{Cite web |title=Just die already SiriusXM |url=https://www.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-url=https://archive.ph/~~xzpun~~ |archive-date=~~26 Jan~~ 2026 |access-date=2025-11-27 |website=Reddit}}</ref>, Subaru Starlink will sometimes display whole-screen advertisements for [[SiriusXM]] in vehicles with SiriusXM functionality<ref name=":0" />. Advertisements will display regardless of whether the customer purchased a SiriusXM subscription, and cannot be bypassed without explicitly pressing the close button. Normal system usage, such as GPS, media settings, or driving settings cannot be done until the advertisements are closed.

Since at least 23-05-25<ref name=":0">{{Cite web |title=Just die already SiriusXM |url=https://www.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-url=https://web.archive.org/web/20260222225614/https://old.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-date=22 Feb 2026|access-date=2025-11-27 |website=Reddit}}</ref>, Subaru Starlink will sometimes display whole-screen advertisements for [[SiriusXM]] in vehicles with SiriusXM functionality<ref name=":0" />. Advertisements will display regardless of whether the customer purchased a SiriusXM subscription, and cannot be bypassed without explicitly pressing the close button. Normal system usage, such as GPS, media settings, or driving settings cannot be done until the advertisements are closed.

Users are only able to opt-out of this advertising if they have a SiriusXM subscription, which itself will require consent to additional telemetry from SiriusXM<ref>{{Cite web |date=2025-11-27 |title=SiriusXM Help & Support Center |url=https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |url-status=live |archive-url=https://~~archive~~.ph/~~bUInY~~ |archive-date=26 Jan 2026}}</ref>. Alternative recourse would involve manually uninstalling the telematics module or pulling the fuse powering the telematics module to disable connectivity. <ref>{{Cite web |date=2025-11-27 |title=No sound in front speakers / Mic is missing (Something with Starlink plugs?) - Resolved {{!}} Subaru Crosstrek and XV Forums |url=https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-url=https://web.archive.org/web/20260126213325/https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-date=26 Jan 2026 |access-date=2025-11-27 |website=Subaru Crosstrek and XV Forums}}</ref> However, this can disable front audio speakers on certain models due to the fuse powering both Starlink telematics and the front speakers<ref>{{Cite web |date=2020-03-02 |title=Disconnecting your telematics (Starlink) antenna {{!}} Subaru Outback Forums |url=https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-url=https://web.archive.org/web/20230514174802/https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-date=14 May 2023 |access-date=2025-11-27 |website=Subaru Outback Forums}}</ref>.

Users are only able to opt-out of this advertising if they have a SiriusXM subscription, which itself will require consent to additional telemetry from SiriusXM<ref>{{Cite web |date=2025-11-27 |title=SiriusXM Help & Support Center |url=https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |url-status=live |archive-url=http://web.archive.org/web/20260126212422/https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |archive-date=26 Jan 2026}}</ref>. Alternative recourse would involve manually uninstalling the telematics module or pulling the fuse powering the telematics module to disable connectivity. <ref>{{Cite web |date=2025-11-27 |title=No sound in front speakers / Mic is missing (Something with Starlink plugs?) - Resolved {{!}} Subaru Crosstrek and XV Forums |url=https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-url=https://web.archive.org/web/20260126213325/https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-date=26 Jan 2026 |access-date=2025-11-27 |website=Subaru Crosstrek and XV Forums}}</ref> However, this can disable front audio speakers on certain models due to the fuse powering both Starlink telematics and the front speakers<ref>{{Cite web |date=2020-03-02 |title=Disconnecting your telematics (Starlink) antenna {{!}} Subaru Outback Forums |url=https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-url=https://web.archive.org/web/20230514174802/https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-date=14 May 2023 |access-date=2025-11-27 |website=Subaru Outback Forums}}</ref>.

===Starlink app exploit (''2025'')===

Line 24:

Inside the admin portal any employee can access a wide range of personal information, largely comprised of the personal information listed below. Additionally, if the employee has level 2 access, they can remotely lock, unlock, honk, issue speeding warnings and more which they demonstrated on their own and a friend's Subaru car.

The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01.<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |archive-url=https://~~archive~~.ph/~~qaOil~~ |archive-date=~~24 Jan~~ 2025 |access-date=2025-02-19 |website=samcurry.net}}</ref>

The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01.<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |archive-url=http://web.archive.org/web/20251115022030/https://samcurry.net/hacking-subaru |archive-date=15 Nov 2025|access-date=2025-02-19 |website=samcurry.net}}</ref>

==Data collection==

Line 58:

===Third-party data sharing===

Subaru shares data with several entities, including:

*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-url=https://~~archive~~.ph/~~SZDh9~~ |archive-date=~~26 Jan 2026~~ |access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-url=https://web.archive.org/web/20240311090514/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-date=11 Mar 2024 |access-date=2025-01-16 |website=nytimes.com}}</ref>

*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-url=http://web.archive.org/web/20250801220315/https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-date=1 Aug 2025|access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-url=https://web.archive.org/web/20240311090514/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-date=11 Mar 2024 |access-date=2025-01-16 |website=nytimes.com}}</ref>

*Insurance companies for risk assessment and pricing.<ref name="TorqueNews" />

*Marketing firms.

@@ Line 15: / Line 15: @@
 ===Obstructive advertising===
-Since at least 23-05-25<ref name=":0">{{Cite web |title=Just die already SiriusXM |url=https://www.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-url=https://archive.ph/xzpun |archive-date=26 Jan 2026 |access-date=2025-11-27 |website=Reddit}}</ref>, Subaru Starlink will sometimes display whole-screen advertisements for [[SiriusXM]] in vehicles with SiriusXM functionality<ref name=":0" />. Advertisements will display regardless of whether the customer purchased a SiriusXM subscription, and cannot be bypassed without explicitly pressing the close button. Normal system usage, such as GPS, media settings, or driving settings cannot be done until the advertisements are closed.
+Since at least 23-05-25<ref name=":0">{{Cite web |title=Just die already SiriusXM |url=https://www.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-url=https://web.archive.org/web/20260222225614/https://old.reddit.com/r/subaru/comments/13rl630/just_die_already_siriusxm/ |archive-date=22 Feb 2026|access-date=2025-11-27 |website=Reddit}}</ref>, Subaru Starlink will sometimes display whole-screen advertisements for [[SiriusXM]] in vehicles with SiriusXM functionality<ref name=":0" />. Advertisements will display regardless of whether the customer purchased a SiriusXM subscription, and cannot be bypassed without explicitly pressing the close button. Normal system usage, such as GPS, media settings, or driving settings cannot be done until the advertisements are closed.
-Users are only able to opt-out of this advertising if they have a SiriusXM subscription, which itself will require consent to additional telemetry from SiriusXM<ref>{{Cite web |date=2025-11-27 |title=SiriusXM Help & Support Center |url=https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |url-status=live |archive-url=https://archive.ph/bUInY |archive-date=26 Jan 2026}}</ref>. Alternative recourse would involve manually uninstalling the telematics module or pulling the fuse powering the telematics module to disable connectivity. <ref>{{Cite web |date=2025-11-27 |title=No sound in front speakers / Mic is missing (Something with Starlink plugs?) - Resolved {{!}} Subaru Crosstrek and XV Forums |url=https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-url=https://web.archive.org/web/20260126213325/https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-date=26 Jan 2026 |access-date=2025-11-27 |website=Subaru Crosstrek and XV Forums}}</ref> However, this can disable front audio speakers on certain models due to the fuse powering both Starlink telematics and the front speakers<ref>{{Cite web |date=2020-03-02 |title=Disconnecting your telematics (Starlink) antenna {{!}} Subaru Outback Forums |url=https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-url=https://web.archive.org/web/20230514174802/https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-date=14 May 2023 |access-date=2025-11-27 |website=Subaru Outback Forums}}</ref>.
+Users are only able to opt-out of this advertising if they have a SiriusXM subscription, which itself will require consent to additional telemetry from SiriusXM<ref>{{Cite web |date=2025-11-27 |title=SiriusXM Help & Support Center |url=https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |url-status=live |archive-url=http://web.archive.org/web/20260126212422/https://listenercare.siriusxm.com/prweb/autoredirect/app/ExternalKM/help/SupportCenter/article/KC-383215/How-do-I-manage-pop-up-messages-inside-my-vehicle%3F |archive-date=26 Jan 2026}}</ref>. Alternative recourse would involve manually uninstalling the telematics module or pulling the fuse powering the telematics module to disable connectivity. <ref>{{Cite web |date=2025-11-27 |title=No sound in front speakers / Mic is missing (Something with Starlink plugs?) - Resolved {{!}} Subaru Crosstrek and XV Forums |url=https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-url=https://web.archive.org/web/20260126213325/https://www.subaruxvforum.com/threads/no-sound-in-front-speakers-mic-is-missing-something-with-starlink-plugs-resolved.180778/ |archive-date=26 Jan 2026 |access-date=2025-11-27 |website=Subaru Crosstrek and XV Forums}}</ref> However, this can disable front audio speakers on certain models due to the fuse powering both Starlink telematics and the front speakers<ref>{{Cite web |date=2020-03-02 |title=Disconnecting your telematics (Starlink) antenna {{!}} Subaru Outback Forums |url=https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-url=https://web.archive.org/web/20230514174802/https://www.subaruoutback.org/threads/disconnecting-your-telematics-starlink-antenna.519259/ |archive-date=14 May 2023 |access-date=2025-11-27 |website=Subaru Outback Forums}}</ref>.
 ===Starlink app exploit (''2025'')===
@@ Line 24: / Line 24: @@
 Inside the admin portal any employee can access a wide range of personal information, largely comprised of the personal information listed below. Additionally, if the employee has level 2 access, they can remotely lock, unlock, honk, issue speeding warnings and more which they demonstrated on their own and a friend's Subaru car.
-The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01.<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |archive-url=https://archive.ph/qaOil |archive-date=24 Jan 2025 |access-date=2025-02-19 |website=samcurry.net}}</ref>
+The incident was initially ethically disclosed to Subaru on 24-20-11 with a blog post detailing the exploit released on 25-23-01.<ref>{{Cite web |last=Curry |first=Sam |date=23 Jan 2025 |title=Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel |url=https://samcurry.net/hacking-subaru |archive-url=http://web.archive.org/web/20251115022030/https://samcurry.net/hacking-subaru |archive-date=15 Nov 2025|access-date=2025-02-19 |website=samcurry.net}}</ref>
 ==Data collection==
@@ Line 58: / Line 58: @@
 ===Third-party data sharing===
 Subaru shares data with several entities, including:
-*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-url=https://archive.ph/SZDh9 |archive-date=26 Jan 2026 |access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-url=https://web.archive.org/web/20240311090514/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-date=11 Mar 2024 |access-date=2025-01-16 |website=nytimes.com}}</ref>
+*Data brokers, such as LexisNexis<ref name="SubaruPrivacy" /> and Verisk.<ref name="TorqueNews">{{Cite web |last=Flierl |first=Denis |date=21 May 2024 |title=Vehicle Data Collection Lawsuit |url=https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-url=http://web.archive.org/web/20250801220315/https://www.torquenews.com/1084/subaru-now-involved-vehicle-data-collection-lawsuit-investigation |archive-date=1 Aug 2025|access-date=2025-01-16 |website=torquenews.com}}</ref><ref name="NYT">{{Cite web |last=Hill |first=Kashmir |date=11 March 2024 |title=Automakers Are Sharing Drivers’ Data |url=https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-url=https://web.archive.org/web/20240311090514/https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html |archive-date=11 Mar 2024 |access-date=2025-01-16 |website=nytimes.com}}</ref>
 *Insurance companies for risk assessment and pricing.<ref name="TorqueNews" />
 *Marketing firms.