Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel "Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following: Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle. Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts. Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN. Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more." It's certainly not the first and it definitely won't be the last time an auto manufacturer is hacked. But look how easy it was to get all that info and access to the vehicle. If there was a company that could remotely unlock all the doors to your house without some sort of authorization from you (ie. a secret pin you supply or an auth code), you'd probably be concerned to. But somehow when a company can, without your authorization, lock/unlock/start/stop/track your car no one is concerned. Just weird and inconsistent behavior. Your car has an always-on cellphone inside it (the DCM). That cellphone can grant a remote user, whether it's the manufacturer, you, or a thief, full access to your vehicle.
Sorry, nothing new here - Any new car or old car that's 'on-star' capable can be hacked. The question is how much of the car's ECU is attached and can be remotely triggered. That's the double-edge sword of technology and convenience. You can't hack a hamster wheel and it doesn't turn without the hamster driving it....
