A year ago, two security researchers, Sam Curry and Shubham Shah, uncovered alarming vulnerabilities in a Subaru web portal that enabled them to hijack car controls and track driver location data. According to a Wired report, the researchers were able to remotely start the car and access a year's worth of location data through a web portal intended for employees.

The vulnerabilities, which have since been fixed by Subaru, allowed the researchers to gain unauthorized access to sensitive information, including real-time location tracking. Curry warned that this type of data could be weaponized against individuals, citing scenarios such as tracking someone's whereabouts to compromise their privacy or security. "Whether somebody's cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone," Curry told Wired.

The researchers' findings highlight a more pervasive security issue in the automotive industry, where connected cars rely on web-based systems that can be exploited by hackers. As long as employees have access to such data, the information remains vulnerable to evolving methods of hacking. Curry and Shah's discovery serves as a wake-up call to the industry, emphasizing the need for robust security measures to protect sensitive data.

The issue is not limited to Subaru; the researchers noted that similar web-based flaws affect other carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, and Toyota. This industry-wide problem underscores the importance of collaboration and information sharing among manufacturers to address these vulnerabilities and ensure the security of connected cars.

The growing reliance on connected technology in the automotive industry has introduced new security risks, and manufacturers must prioritize the protection of sensitive data. As the Internet of Things (IoT) continues to expand, the potential attack surface for hackers will only increase. It is crucial for manufacturers to invest in robust security measures, including penetration testing and vulnerability disclosure programs, to identify and address security flaws before they can be exploited.

In the broader context, the discovery of these vulnerabilities serves as a reminder of the importance of cybersecurity in the development of connected technologies. As the IoT continues to shape the future of various industries, it is essential to prioritize security and privacy to prevent the exploitation of sensitive data. The automotive industry, in particular, must take proactive steps to address these vulnerabilities and ensure the security of connected cars.