Westfield has temporarily pulled Find My Car from its iPhone app after a security analyst showed he could monitor all cars parked in its Bondi Junction shopping centre.The retail giant’s action follows a blog by software architect Troy Hunt who found URLs containing the number plates of all cars at Westfield’s Bondi Junction centre were publicly accessible – no hacking was required.To read this report in The Australian in full, see:
www.theaustralian.com.au/australian-it/westfield-iphone-app-in-privacy-fiasco/story-e6frgakx-1226137939073Also see:Westfield Bondi caught in ‘find my car’ privacy flap
Westfield’s new mobile app has been caught leaking customers’ car number plate data onto the public internet, allowing for “anyone with the knowhow” to monitor when cars entered and exited its Bondi Junction shopping centre car park.Sydney software architect Troy Hunt discovered the leak and posted about it on his blog yesterday, saying the hole could have potentially been used by stalkers, a suspicious husband tracking his wife, an aggrieved driver holding a grudge from a nearby road rage incident and by a car thief with their eye on a particular vehicle.
www.smh.com.au/digital-life/cartech/westfield-bondi-caught-in-find-my-car-privacy-flap-20110915-1kask.html
www.theage.com.au/digital-life/cartech/westfield-bondi-caught-in-find-my-car-privacy-flap-20110915-1kask.html
Westfield iPhone app in privacy fiasco
Westfield has temporarily pulled Find My Car from its iPhone app after a security analyst showed he could monitor all cars parked in its Bondi Junction shopping centre.