A bug in the “Mercedes Me” app exposes the details of its users to other accounts, who were apparently able to retrieve this data on their device without having to provide any passwords. This app is supposed to help a Mercedes-Benz owner to check their tank level, locate their vehicle, plan a journey, pre-heat the engine, check the battery and the coolant level, check the tire pressures, and generally, get an overview of the car right from their mobile phones. However, people have been complaining that the app isn’t working correctly, which resulted in a poor review score of just 3.3 on the Play Store. That said, this privacy incident comes on top of a situation that was already pretty bad.
According to a report by TechCrunch, they received a tip from a Seattle-based owner of a Mercedes-Benz, telling them that he could pull the recent activity and locations of other accounts. Although he was unable to track the other owners in real-time, the implications of the exposure were still pretty severe. The man even tried to contact one of the other owners by using the logged contact details and confirmed that the car was indeed where he knew it to be, so the geolocation information was up to date.
Donna Boland, a representative of Daimler, the owner of the Mercedes-Benz brand, has made the following statement: "There was a short interval (on Friday) during which incorrect customer data was displayed on our Mercedes Me app. The information displayed was cached information — not real-time access to the account, no financial info was viewable nor was it possible to interact with, or determine the live location of the vehicle associated with the account. When we became aware of the issue, we took the system down, identified the issue and resolved it.”
More than 100000 Mercedes-Benz owners have installed the app, so the incident may have affected several thousands of individuals. As Daimler reassures publicly, there's no longer a reason to worry about this momentary flaw that resulted in the exposure of personal information to others. However, this goes to show the risks of using apps that connect you and your tools (including your car) with the cloud, in real-time. If you’re worried about the possibility of this happening, just revert from using apps like Mercedes Me.
Are you a user of the Mercedes Me app? Can you confirm the above? Let us know in the comments below, or join the discussion on our socials, on Facebook and Twitter.