Bug in Mercedes-Benz app leaked car owners' data to other users

Humza

Posts: 1,026   +171
Staff member
Why it matters: While it's usual for automakers to enhance the car ownership experience of customers through car-connected mobile apps, the technology is susceptible to glitches and security risks, including one that resulted in multiple Mercedes-Benz owners having accidental access to other users' personal information.

With all the technology available on modern vehicles, car-connected apps tend to be one of the more useful features that, instead of gimmicks, offer real conveniences such as remote engine on/off, door lock/unlock and location tracking, among other benefits.

However, since they store personal information and track your car whereabouts to function properly, a security lapse can quickly become a big privacy concern, as TechCrunch reports of multiple Mercedes owners ending up with data of other users on their company's mobile app.

The issue was discovered last Friday when the app accidentally revealed the name, recent activity, phone numbers, location data and other information of another customer to owners, including one in Seattle.

Luckily, features such as real-time location and door lock/unlock didn't seem to work, and the affected customers were told to "delete the app" when they contacted a customer service representative of the company.

"I got in contact with the person who owns the car that was showing up,” a customer told TechCrunch. “I could see the car was in Los Angeles, where he had been, and he was in fact there," he added. The problem was reported shortly before Mercedes took the app down for maintenance.

"There was a short interval [Friday[ during which incorrect customer data was displayed on our MercedesMe app," said Donna Boland of Daimler, Mercedes' parent company. "The information displayed was cached information — not real-time access to the account, no financial info was viewable nor was it possible to interact with, or determine live location of, the vehicle associated with the account," she noted.

The issue has since been identified and resolved, says Donna, as the app went online sometime later with no further reports of a similar incident.

Permalink to story.

 
Let's connect every vehicle to the internet! What could possibly go wrong!?

They seriously need to allow these vehicles to have their cellular modem turned off and connect to the driver's home WiFi as an alternative option...
 
Back