Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions Of Waze Users Can Have Their Movements Tracked By Hackers (fusion.net)

Posted by BeauHD on from the psycho-killer dept.

An anonymous reader quotes a report from Fusion: Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of "ghost drivers" that can monitor the drivers around them -- an exploit that could be used to track Waze users in real-time. Here's how the exploit works. Waze's servers communicate with phones using an SSL encrypted connection, a security precaution meant to ensure that Waze's computers are really talking to a Waze app on someone's smartphone. Zhao and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection. Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze's back-end app servers. With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of "ghost cars" -- cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them. You can read the full paper detailing the researchers' findings here. Is there a solution to not being tracked? Yes. If you're a Waze user, you can set the app to invisible mode. However, Waze turns off invisible mode every time you restart the app so beware.

2 of 55 comments (clear)

  1. Re:Slashdot is alarmist by Motherfucking+Shit · · Score: 5, Informative

    There are lots of stories about how the government is supposedly taking away our freedoms and a police state is coming. That police state hasn't happened.

    Last year in America, the police stole^Wconfiscated more money and belongings from citizens through civil forfeiture than burglars stole. America has secret courts issuing secret warrants and serving secret orders that no one is allowed to talk about. Police are driving around using secret equipment to intercept cellphone calls and text messages, demonstrably without warrants. Cops in Chicago arrest and "disappear" citizens into a black hole of a dungeon facility called Homan Square, without even their lawyers being told where they are.

    If you don't see the police state, you simply aren't fucking looking.

    They run lots of stories about how Microsoft is tracking people and doing bad things with data collected through telemetry. That hasn't happened.

    How do you know? None of us have any idea what Microsoft is doing with that data.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  2. Re:Solution to not being tracked? by 110010001000 · · Score: 4, Informative

    Really? The point of Waze is not navigation. It is real time alerts on the presence of police, traffic, disabled vehicles, etc.