  • News - Written by on Wednesday, September 14, 2011 17:42 - 10 Comments

    Westfield Australia ‘Find My Car’ privacy blunder uncovered

    Find My Car in Westfield's iPhone app

    An embarrassing blunder has been discovered in Westfield’s ‘Find My Car’ feature, announced in July: a public API allowed anyone to access images taken using its ParkAssist technology.

    The issue, discovered by software architect and Microsoft MVP Troy Hunt, revolves around the application programming interface (API) that Westfield was using to power the license plate search for its Bondi complex, provided by ParkAssist.

    The API gave Westfield the ability to provide a new feature in its iPhone application – downloaded more than 83,000 times – that allowed visitors to its Bondi complex to find their car in the car park by simply typing in their license plate.

    However, as Hunt discovered using tools such as Fiddler, the API for the service wasn’t protected at all, potentially allowing anyone to access information provided by the service from outside the iPhone app.

    “What this means is that anyone with some rudimentary programming knowledge can track the comings and goings of every single vehicle in one of the country’s busiest shopping centres,” Hunt wrote in a lengthy post detailing the vulnerability.

    “Whilst I’m by no means a strong privacy advocate, something about this just doesn’t sit quite right with me.”

    Images of the cars weren’t the only information available through the API — according to Hunt, it was also possible to gain access to the license plate in text and the time of arrival of a car in a parking space, or even the entire carpark.

    Westfield said in a statement this afternoon that it had only been made aware of the authentication issue by provider ParkAssist this morning, and that it was working on a solution with the company, in the meantime disabling the car finding functionality.

    “This issue has been addressed immediately by Park Assist and the Find My Car functionality will not be available for approximately one week until the app has been modified to ensure that data cannot be publicly accessible online,” a spokesperson for the company said.

    On the broader topic of privacy concerns raised by the car finding functionality, Westfield says it doesn’t believe the app contravenes Australian privacy laws, with license plates not considered “personal information” under the act.

    “The application theoretically could be used for purposes other than its original intention, however it does not facilitate any activity that couldn’t already happen otherwise,” the spokesperson said, before mentioning that in extreme cases police may request access to the application to “assist in their enquiries”.

    Westfield said it plans to introduce the Find My Car tool into “future” complexes in Australia, with visitors to existing Australian complexes able to mark their parking spots manually.

    Image Credit: Westfield


    10 Comments


    1. Posted 14/09/2011 at 7:46 am

      I wish this wasn’t announced. How am I supposed to stalk my ex now??

      • PeterA
        Posted 15/09/2011 at 1:45 am

        You still can, you just have to use the iPhone app to do it now, instead of your custom built API accessing program.

        • Josh
          Posted 15/09/2011 at 5:57 am

          So much less convenient and so much less of a privacy issue using an iPhone app.

    2. Posted 14/09/2011 at 7:55 am

      There is of course a simple solution to this problem, remember where you parked, seriously it’s not that difficult.

      • Dean Harding
        Posted 15/09/2011 at 5:48 am

        Unfortunately not, since it’s tracking your license plate whether you want it to or not… Of course, you could just not shop at Bondi Westfield (or come by public transport).

        • Posted 15/09/2011 at 7:25 am

          Well I’m on the Central Coast so won’t be shopping at Bondi anytime soon, and the only time we have any real trouble with parking is during tourist season

    3. Toby Allen
      Posted 15/09/2011 at 1:01 am

      I think it’s a great idea. Although I do agree it’s not that hard to remember where you parked. That being said it was only a matter of time for something like this to happen.

      Also, grum, you can still stalk your ex, just enter her number plate and see if she is in the shopping center and then wait by the car.

    4. Anonymous
      Posted 15/09/2011 at 1:09 am

      I don’t think Australian car parks are big enough to forget where you parked.

      • Clinton O'Hara
        Posted 15/09/2011 at 4:27 am

        After just having returned from Malaysia and parking in places such as the KLCC and Gurney Plaza and Queensbay Mall, I would have to agree with you 100%.

        Places like that have multi-level parking that can only be accessed from certain escalators or lifts, and even then they have things like half levels. It can be a real task to locate your car.

        Australian parking lots are a piece of piss.

        • Anonymous
          Posted 15/09/2011 at 11:58 pm

          haha yeah the multi-story carparks in Malaysia are evil
