Skip to content
Subaru StarLink persistent root code execution.
Branch: master
Clone or download
Latest commit d1f4854 Aug 23, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
doc Fixed another typo. Aug 23, 2019
images
LICENSE final Nov 28, 2018
README.md final Nov 28, 2018

README.md

Jailbreaking Subaru StarLink

Rooting the latest generation of Harman head units running on newer Subaru vehicles.

See doc/README.md for the write-up.

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This vulnerability is due to bugs in the signature checking implementation used when verifying specific update files. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.

Jailbroken head unit

You can’t perform that action at this time.