Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.

TechCrunch spoke to two customers who said the Mercedes-Benz connected car app was pulling in information from other accounts and not their own, allowing them to see other car owners’ names, recent activity, phone numbers, and more.

The apparent security lapse happened late Friday, before the app went offline “due to site maintenance” a few hours later.

It’s not uncommon for modern vehicles to come with an accompanying phone app. These apps connect to your car and let you remotely locate it, lock or unlock it, and start or stop the engine. But as cars become internet-connected and hooked up to apps, security flaws have allowed researchers to remotely hijack or track vehicles.

One Seattle-based car owner told TechCrunch that their app pulled in information from several other accounts. He said that he and a friend, both Mercedes owners, had the same car belonging to another customer in their respective apps, but every other account detail was different.

Screenshots of the Mercedes-Benz app showing another person’s vehicle, and exposed data belonging to another car owner. (Image: supplied)

The car owners we spoke to said they were able to see the car’s recent activity, including the locations where it had recently been, but they were unable to track the real-time location using the app’s feature.

When he contacted Mercedes-Benz, a customer service representative told him to “delete the app” until it was fixed, he said.

The other car owner we spoke to said he opened the app and found it also pulled in someone else’s profile.

“I got in contact with the person who owns the car that was showing up,” he told TechCrunch. “I could see the car was in Los Angeles, where he had been, and he was in fact there,” he added.

He said that he wasn’t sure if the app had exposed his private information to another customer.

“Pretty bad fuck up in my opinion,” he said.

The first customer reported that the “lock and unlock” and the engine “start and stop” features did not work on his app, somewhat limiting the impact of the security lapse. The other customer said they did not attempt to test either feature.

It’s not clear how the security lapse happened or how widespread the problem was. A spokesperson for Daimler, the parent company of Mercedes-Benz, did not respond to a request for comment on Saturday.

According to Google Play’s rankings, more than 100,000 customers have installed the app.

A similar security lapse hit Credit Karma’s mobile app in August. The credit monitoring company admitted that users were inadvertently shown other users’ account information, including details about credit card accounts and balances. But despite disclosing other people’s information, the company denied a data breach.


