Subaru disables Starlink on ’22+ models in Massachusetts

A little about my background, we have a BS in Criminal Justice Cybercrime, an MS in Information Technology. Currently, we are in our PhD in Information Assurance and Cyber ​​Security Management.
In the case of Massachusetts, which may eventually have a knock-on effect on the state itself, their goal, sadly misguided, was to compel access to the sensitive telemetry and encryption data used in all Subaru cars now for the 2022 model year and beyond.

There are cyber security encryptions used in the communication system of all Subarus using Starlink that keep user data safe; while simultaneously maintaining performance data of the engine, braking, transmission and vision systems used within the vehicle. All data and software are proprietary.

Because of the telemetry, the data is used by Subaru to improve the control systems of their vehicles. The information is not just for used vehicles in Massachusetts, but those used anywhere in the world.

By having access outside of the “shop,” personal data and information would put the vehicle owner at risk if said data were obtained without their consent or a lawful court order. A court order is required to access Subaru’s black boxes in the event of a crash investigation or other legal requests under United States Supreme Court (USSC) rulings involving 4th Amendment search and seizure .

Trying to force Subaru to allow outside shop access would essentially be an attempt to gain access to the Subaru Maintenance and Engineering network, which is encrypted and requires specialized software to engage.

That being said, Subaru took the logical course of action to prevent attempts to breach their Subaru maintenance network, which would also secure sensitive data and information systems. We can note that Tesla is in the same way and will not allow external shops to access their network systems.

For those living in Massachusetts, one is likely to see a (USSC) decision on the validity of the law at some point, and my view is that the state law is unconstitutional on several grounds, including patent infringement violations, design accessibility, and privacy violations due to the nature of the software and hardware that are engaged within a Subaru. A store, while one would hope to act in good faith, may share and distribute obscene, unencrypted data from the machine.

There has been growing concern recently with wrecked and totaled Tesla cars that have been found to contain data that includes interior and exterior video that can be accessed with interface devices costing less than $1,000. The video footage included crashes and their aftermath, some of which were fatal. There are also concerns about audio recordings inside some cars.

So, despite the desire to be able to pick up a Subaru at an outside shop, the data storage benefits are and should be considered more important.

Source link

We will be happy to hear your thoughts

Leave a reply