Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.

Curry says Subaru patched the vulnerability within 24 hours of the researchers’ report and was never exploited by an attacker.