Today, most vehicle manufacturers in the US connect their vehicles to a type of network and delegate controls to mobile or web applications upon vehicle purchasing. Thankfully in the US, security research for consumer devices are now exempt from DMCA which enables us to audit and assess our connected vehicles. Like many devices in the IoT space, a single software bug in connected vehicles can compromise the entire ecosystem. In this talk, we will demonstrate the methodology used to discover and remotely exploit vulnerabilities in Subaru's STARLINK remote vehicle services, as well as discuss how car manufacturers can learn from these mistakes. After all, who needs car keys when your vehicle is "connected"?