Subaru STARLINK Security Breach Investigation

Uncovering Potential Security Vulnerabilities in Subaru’s STARLINK System
​Recent findings by security researchers have brought to light potential vulnerabilities in Subaru’s STARLINK connected vehicle service. These alleged security gaps could expose vehicle functions and personal data to unauthorized access.​

Alleged Security Breach in Subaru’s STARLINK

On November 20, 2024, security researchers Sam Curry and Shubham Shah reportedly identified a vulnerability within Subaru’s STARLINK system. This flaw purportedly allowed unauthorized individuals to access vehicles and customer accounts across the United States, Canada, and Japan. According to the researchers, with minimal information—such as a victim’s last name and ZIP code, email address, phone number, or license plate—an attacker could potentially:

• Remotely start, stop, lock, or unlock the vehicle.​
• Retrieve the vehicle’s current location.​
• Access a complete location history from the past year, accurate to within 5 meters.
• Obtain personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical addresses, billing information (excluding full credit card numbers), and vehicle PINs.​
• Access miscellaneous user data, such as support call history, previous owners, odometer readings, and sales history.

It’s important to note that these findings are based on the researchers’ report and have not been independently confirmed by Subaru.

Potential Risks and Indicators of STARLINK Compromise in Your Subaru

If these vulnerabilities exist, affected individuals might experience:​

• Unauthorized Vehicle Access: Unexpected unlocking, engine starting, or other remote operations without the owner’s initiation.
• Privacy Intrusions: Unauthorized tracking of vehicle locations, leading to potential stalking or surveillance concerns.​
• Personal Data Exposure: Leakage of personal information, resulting in increased spam calls, phishing attempts, or suspicious activities on financial accounts.​

Monitoring for Suspicious Activity

Given that Subaru has not confirmed these STARLINK vulnerabilities, vehicle owners should remain vigilant for signs of unauthorized access or data breaches:​

• Vehicle Behavior: Be alert to any unexpected remote commands, such as the vehicle unlocking or starting without your input.​
• Account Activity: Monitor your Subaru account for unfamiliar changes or login attempts.​
• Personal Communications: An increase in unsolicited communications, such as spam calls or emails, could indicate that your personal information has been compromised.​
• Financial Monitoring: Regularly review bank statements and credit reports for unauthorized transactions or activities.​

How Class Action U Can Help

At Class Action U, our mission is to empower consumers to hold corporations accountable for negligence. If you suspect that your Subaru vehicle or personal data has been compromised due to these alleged vulnerabilities, we are here to support you. Our services include:​

• Information and Resources: Providing up-to-date information about potential class action lawsuits related to this issue.​
• Legal Assistance: Connecting you with experienced legal professionals who can guide you through the process of joining a class action lawsuit.​
• Advocacy: Working tirelessly to ensure that corporations are held responsible for failing to protect consumer rights and safety.​

By joining together, affected individuals can amplify their voices and seek the compensation they deserve. If you believe you’ve been impacted by this potential security breach, don’t hesitate to reach out to Class Action U for support and guidance.​

​Please note: The information regarding the STARLINK vulnerabilities in Subaru vehicles is based on reports from security researchers and has not been confirmed by Subaru. Vehicle owners are advised to stay informed and take necessary precautions to protect their personal information and vehicle security.