The innovative Find My Car feature on Westfield’s smartphone app has been temporarily disabled after a Sydney-based online security expert discovered publicly accessible information that allowed anyone to know exactly when cars entered and exited the shopping centre’s car park.
In a blog post published earlier this week, software architect Troy Hunt revealed anyone could monitor the comings and goings of cars from the Bondi Junction Westfield car park because the number plate details were published to a public website.
Within hours, the developers of Find My Car, Park Assist, pulled the service. Westfield general manager of marketing, John Batistich, confirmed the app’s Find My Car function would be unavailable for around one week while further tests into its security were conducted.
Westfield’s Find My Car became an Australian first last month when it was launched at the Bondi Junction complex. The system uses a series of high-resolution cameras placed throughout the car park to take photographs of vehicle licence plates.
It is intended to help shoppers locate their cars and find the quickest route back to them, simply by searching for their number plate in the app and following an automatically generated map. Users select from images of four vehicles with licence plates similar to their search input.
But Mr Hunt said the system, as he found it, gave a disturbing level of access to undesirable people. He said a simple bit of software would allow a stalker to receive notification when their victim entered a car park and exactly where they parked. He also suggested an aggrieved road rage victim could monitor the system for the arrival of the other car, or that the system could let a car thief know when a particular vehicle was left alone in the car park.
Despite the concerns over privacy, Westfield plans to switch the Find My Car feature back on next week once the current loophole is removed.
“In terms of privacy, the application does not contravene the Privacy Act in so far as number plates are not ‘personal information’, and are therefore not subject to that Act,” Mr Batistich said in a statement.
“Having said that, the application theoretically could be used for purposes other than its original intention; however, it does not facilitate any activity that couldn’t already happen otherwise.”
Mr Hunt offered his support in the testing of the relaunched program, an offer that Mr Batistich accepted on behalf of the company.
Westfield intends to roll out the Find My Car technology across its entire Australian network of shopping complex car parks in coming years.
What do you think? Even once the loophole is plugged, do you think this technology represents an invasion of privacy? Or do you think it is a handy feature that simply needs to be fine-tuned?