Why it matters: While it is popular for automakers to improve consumers ‘ car ownership experience through car-connected mobile apps, the software is vulnerable to failure and security risks, including one that has resulted in multiple Mercedes-Benz owners inadvertently accessing personal information from other users.
With all the technology available on modern vehicles, car-connected devices appear to be one of the most useful features offering real conveniences instead of gimmicks, such as remote on / off engines, door lock / unlock and position monitoring, among other advantages.
Nevertheless, because they store personal information and monitor the car’s whereabouts to function properly, a security breach could easily become a major privacy concern, as several Mercedes owners ‘ TechCrunch stories end up with other users ‘ data on the mobile app of their business.
The problem was discovered last Friday when the device accidentally revealed to users, including one in Seattle, the name, recent activity, phone numbers, location data and other customer information.
Fortunately, features such as real-time location and door lock / unlock did not seem to work, and when they contacted a company’s customer service representative, the affected customers were told to “delete the app.”
“I got in touch with the person who owns the car that was showing up,” said a customer to TechCrunch. “I could see the car was in Los Angeles, where it was, and he was still there,” he said. Shortly before Mercedes took down the application for maintenance, the problem was reported.
“There was a short interval [Friday[ during which incorrect customer data was displayed on our MercedesMe app,” said Donna Boland of Daimler, Mercedes’ parent company. “The information displayed was cached information — not real-time access to the account, no financial info was viewable nor was it possible to interact with, or determine live location of, the vehicle associated with the account,” she noted.
The issue has since been identified and resolved, says Donna, as the app went online sometime later with no further reports of a similar incident.