Thursday, September 15, 2011

Westfield iPhone app in privacy fiasco

The retail giant's action follows a blog by software architect Troy Hunt who found URLs containing the number plates of all cars at Westfield's Bondi Junction centre were publicly accessible – no hacking was required.

The app lets a shopper enter their number plate and, after choosing a photo of their car from four displayed vehicles, seeks to guide the shopper back to their parking bay.

Sydney-based Hunt was able to develop software that could inform him of when all cars arrived and left the shopping centre, and exactly where they were parked.

Hundreds of small high-resolution cameras placed about two parking bays apart snap car images and numberplate details, which are then made available to shoppers via the app when they want to relocate their car and leave.

However Hunt found that the transmissions of details within the Park Assist system were not encrypted and could be intercepted by surveillance software searching URLs in the public domain.

"Think about the potential malicious uses if you're able to write a simple bit of software," Hunt says on his blog.

"A stalker receives a notification when their victim enters the car park (and they'll know exactly where the victim is parked).

"A suspicious husband tracks when his wife arrives and then leaves the car park; an aggrieved driver holding a grudge from a nearby road rage incident monitors for the arrival of the other party; a car thief with their eye on a particular vehicle could be notified once it is left unattended in the car park."

In a statement this afternoon, Westfield said the Find My Car functionality had been pulled.

"Park Assist, which provides the camera technology to capture the number plate, yesterday advised there was an issue with the authentication of their data feed to the iPhone which resulted in number plate data being publicly accessible via the internet," Westfield said.

"This issue has been addressed immediately by Park Assist, and the Find My Car functionality will not be available for approximately one week until the app has been modified to ensure that data cannot be accessed online."

Westfield said it did not believe the app had breached personal privacy as number plates were not personal information.

"In terms of privacy, the application does not contravene the Privacy Act in so far as number plates are not 'personal information', and are therefore not subject to that Act," it said.

"Having said that, the application theoretically could be used for purposes other than its original intention; however, it does not facilitate any activity that couldn't already happen otherwise.

"For example, a member of the general public may try to use the application to find a car that is not theirs.

"On the other hand, at the request of police, the application might also be used to assist in their enquiries into a given situation.

"However, Westfield would not expect either of these situations to be typical."

Westfield said its Find My Car app service had been developed to offer a service to the average shopper, by making it easier to find their car.
