A Dutch electronics designer recently discovered a vulnerability in the key fob system used by several models of Subaru vehicles. The vulnerability results from the use of sequential codes for the affected cars’ locking mechanism and other functions. If exploited, it could allow a local threat actor to create a fully-functional duplicate of the key fob and result in the unauthorized use or theft of the targeted vehicle. The models affected include: 2006 Subaru Baja, 2005-2010 Subaru Forester, 2004-2011 Subaru Impreza, 2005-2010 Subaru Legacy, 2005-2010 Subaru Outlook. There is currently no fix available and Subaru has not yet responded to the vulnerability report. The NJCCIC recommends owners and operators of affected Subaru vehicle models read Bleeping Computer’s article and contact their dealership to inquire about a resolution.

AdvisoryNJCCICSubaru, Auto