Absolutely wild vulnerabilities over at Subaru:

arstechnica.com/cars/2025/01/m

The researchers were able to get into a Subaru admin account just by guessing the email, and bypassed the "security questions" because they were only checked in the browser.

Just... utter malpractice. No excuses.

(And then it turns out Subaru is storing precise location history of cars for at least a year, possibly indefinitely, and allows remote unlocks of the cars, from this terribly insecure website...)


@varx After the report given by Michael Barr in the Toyota unintended acceleration court case, you'd hope that the large companies (and really the software world in general) would have cleaned up their act, but recalls and revelations continue.
