[…]To root any 2017+ Subaru StarLink head unit, an attacker needs the following to generate valid update images:
1. A Subaru head unit with serial and USB port access.
2. The encryption keys for the update files.
3. An official update. These seem to be available for most platforms in many different ways. Without the official update, the ISO signature check will fail and the install will not continue to the stage where the QNXCNDFS files are written.
4. Physical access to the vehicles USB ports.[…]
https://nvd.nist.gov/vuln/detail/CVE-2018-18203
https://github.com/sgayou/subaru-starlink-research/blob/master/doc/README.md
Firmware Security 