New blog post with [@infosec_au](https://bird.makeup/users/infosec_au ):
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
The issue was reported and patched.
Full post here: https://samcurry.net/hacking-subaru
Sam Curry
npub1sk…6yqky
2025-01-23 12:16:39 UTC
Author Public Key
npub1ska0sfycy0dmea5w25gw3wzv7re24sj7rt3wy6d56slzvyzawc3sf6yqkySeen on
wss://relay.momostr.pinkPublished at
2025-01-23 12:16:39 UTCEvent JSON
{
"id": "47ebaadadd7dfceb5f5a3d14bb768d43132c6f7334355e8b7e5887fa61d012e2",
"pubkey": "85baf8249823dbbcf68e5510e8b84cf0f2aac25e1ae2e269b4d43e26105d7623",
"created_at": 1737634599,
"kind": 1,
"tags": [
[
"proxy",
"https://bird.makeup/users/samwcyo/statuses/1882402060815245543",
"web"
],
[
"p",
"ebc0570ab8ae75c8aae401833f8ca185365fa961444182b372d97f37fdeb91b0"
],
[
"proxy",
"https://bird.makeup/users/samwcyo/statuses/1882402060815245543",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://bird.makeup/users/samwcyo/statuses/1882402060815245543",
"pink.momostr"
],
[
"-"
]
],
"content": "New blog post with [@infosec_au](https://bird.makeup/users/infosec_au ):\n\nWe found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.\n\nThe issue was reported and patched.\n\nFull post here: https://samcurry.net/hacking-subaru",
"sig": "fc97a05f59a0aad2b4a2102c425e88eaaad0ac5c5d9f40dcf0dc7c885489c3193af5dc085e9ca3ca94e2df448ae89a998b28d5602da40af009c713a4ba57a0e4"
}