A security flaw in the Mercedes app would display other users' data
Three days ago, the Mercedes app, the auto giant had a system bug.
Indeed, it happened that users could not access their data, but in return it could access those of other users.
According to statements made by owners of Mercedes-branded vehicles to TechCrunch media, they had been able to access the personal data of other Mercedes car owners instead of their own. On the Mercedes side it has been brought a confirmation on this flaw without having to give further details.
This article will also interest you: What if our GPS boxes become channels through which our cars are threatened?
That's when we remember that it's a tool to facilitate the use of vehicles, even though they are useful, also have enough drawbacks because of their many Vulnerabilities. Connected vehicles like any other another connected object does not escape this computer security problem. And cases like this time, it's the users' personal data that are exposed to many strangers.
This is a real concern when you know that there is no not so long ago, experts have been concerned about flaw connected televisions that allowed or could allow for potential espionage, he knew that today the problem could extend to vehicles connected too.
In addition, MercedesMe users, the application of the car company, which allows the vehicle to be started locate or open it, have assured that they have had access to the data in your face and Mercedes. When you know that The app allows Mercedes users to control the vehicle distance, what happens when a user is able to enter possession of someone else's data. So let's ask ourselves what really happened.
A regulator of a Mercedes residents in Seattle claiming that in wanting to use the app to access his car, he saw personal data relating to another user and their vehicle. he could thus see the recent activities of the the other user and its location. However, the parameters unlock or lock the vehicle, as well as the settings start the vehicle could not be operated since its mobile. Good side this user wanted to warn Mercedes of the flaw he had just discovered, the company only asked him to delete hearing that the problem is fully resolved.
This was not an isolated case as another user also had the same experience: "I contacted the user of the car that has been displayed on my app (…) I could see that the car had recently been to Los Angeles, where he was still in fact. ».
On the automotive firm's side: "There was an interval course where data from other users was displayed on our MercedesMe app (…) The information presented was not in real time, no financial information was available, it was also impossible to interact with the vehicle associated with the account or to determine its current location," explained Donna Boland, spokeswoman for Daimler's parent company.
Now access an unlimited number of passwords: