Mercedes-Benz App Glitch Exposed Car Owners' Information To Other Users (techcrunch.com) 10
An anonymous reader quotes TechCrunch:
Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people's account and vehicle information.
TechCrunch spoke to two customers who said the Mercedes-Benz' connected car app was pulling in information from other accounts and not their own, allowing them to see other car owners' names, recent activity, phone numbers, and more. The apparent security lapse happened late-Friday before the app went offline "due to site maintenance" a few hours later....
"There was a short interval [Friday] during which incorrect customer data was displayed on our MercedesMe app," said Donna Boland, a spokesperson for Daimler, the parent company of Mercedes-Benz.... "When we became aware of the issue, we took the system down, identified the issue and resolved it," she added.
TechCrunch spoke to two customers who said the Mercedes-Benz' connected car app was pulling in information from other accounts and not their own, allowing them to see other car owners' names, recent activity, phone numbers, and more. The apparent security lapse happened late-Friday before the app went offline "due to site maintenance" a few hours later....
"There was a short interval [Friday] during which incorrect customer data was displayed on our MercedesMe app," said Donna Boland, a spokesperson for Daimler, the parent company of Mercedes-Benz.... "When we became aware of the issue, we took the system down, identified the issue and resolved it," she added.
'Incorrect' customer data (Score:2)
Calling it incorrect customer data is one fine way of saying you were sharing the data of OTHER customers, Donna.
The got the tech in their back pocket ... (Score:2)
Re: (Score:2)
"We got the tech to beat Tesla in our back pockets. We just dont feel the size of the market really justifies any serious effort. When we come in, you would see us smoke Tesla out of its pants".
It's pure bullshit, of course. The German automakers have never been any good at electronic controls. They've always bought that stuff from Bosch, which has forgotten everything it ever knew about building reliable electronics since literally the 80s. In the 90s they had pathetic problems like connector wire bonding failures due to lack of adequate QC. Even simple Bosch parts like injector drivers are garbage now, I bought a cheap Chinese knockoff because the Bosch ones keep failing, and I've had good resul
Re: (Score:2)
OTA updates are *insane* for car control systems. Absolutely, batshit insane.
Update an onboard entertainment system, which has zero access to the CANbus (or whatever other bus Tesla might have)? OK.
I do *not* want my car to have wifi, 4G, or any way at all to connect to anything, ever. I have a phone for that, and an entertainment system can connect to it via bluetooth. There is no need to have this absurd, crazy, insane level of connectivity in our lives.
Someone hacks Tesla? Now every Tesla, on the 2n
Surveillance car (Score:2)
https://www.mbusa.com/content/dam/mb-nafta/us/mercedes-me-connect/Connected%20Vehicle%20Privacy%20Notice_24May_Updated.pdf [mbusa.com]
You can't opt out of surveillance
This make it sound optional:
But... (Score:2)
This is a GDPR breach (Score:2)
This seems to be happen more and more! (Score:2)
Lots of services. QA testing is awful these days. :(