jsr on Nostr: Monday edition of *Car privacy is an absolute nightmare*: Subaru's employee portal ...
Monday edition of *Car privacy is an absolute nightmare*:
Subaru's employee portal holds a year's worth of location data for all internet-connected cars.
We know this because it was vulnerable (now fixed). You could pull a year's worth of driving just with a license plate.
Props to Sam Curry & Shubham Shah for exposing it. Pic is a year's worth of Sam's mom's #Subaru locations.
I seriously doubt any owner has a clear idea that this data is being collected on them.
But the same thing is replicated for almost every car mfr (see the #Mozilla foundation report on car privacy link)
Literally no car owner has asked for their whip to be turned into a surveillance portal.
And yet..
Car companies feel basically no pressure to do right by customers, but experience a lot of incentives to mine their movements for money.
Sidenote: same (now closed) vulnerability also enabled remote unlocks & starts and a bunch of other highly undesirable things.
Reading list:
The Subaru research:
https://samcurry.net/hacking-subaru
News report on it:
https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
Mozilla Foundation's key investigation into car privacy:
https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
Published at
2025-01-28 04:59:24