Car-connected phone apps are a convenient and high tech way for drivers to locate and access their vehicles, but a glitch in the Mercedes-Benz app may have extended that convenience to locating someone else’s car entirely.
TechCrunch spoke to two Mercedes-Benz drivers who claim that their apps displayed account information for complete strangers’ cars, allowing them to access phone numbers and location data for people entire cities away.
The security lapse, which was discovered on Friday, occurred shortly before the Mercedes-Benz app was taken offline for maintenance. Before the shutdown, though, one of TechCrunch’s sources was able to call and alert the owner of the car whose information was displayed on his phone.
While the extent of the lapse is not currently known, a statement from Mercedes-Benz’s parent company Daimler acknowledged the error and said that “the information displayed was cached information — not real-time access to the account, no financial info was viewable nor was it possible to interact with, or determine live location of, the vehicle associated with the account.”
Since Friday, the app has come back online with no further reports of showing incorrect or improperly shared information.