{ "id": "976772d043f90a955670d501770a36490464916a012e5281be8b6b103b659ead", "pubkey": "17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4", "created_at": 1737648278, "kind": 9802, "tags": [ [ "r", "https://samcurry.net/hacking-subaru", "source" ], [ "comment", "💀" ] ], "content": "Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:\n\nRemotely start, stop, lock, unlock, and retrieve the current location of any vehicle.\nRetrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.\nQuery and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.\nAccess miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.", "sig": "927b8236106a46d74cbe5e8f04dde328d570876691d0fb76a5e466737046904d0154ab52ae9729a4f163e80ad3f22be93e96b2e048253be0b9a10c5ef9172bb6" }