Millions Of Waze Users Can Have Their Movements Tracked By Hackers (fusion.net)
An anonymous reader quotes a report from Fusion: Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of "ghost drivers" that can monitor the drivers around them -- an exploit that could be used to track Waze users in real time. Here's how the exploit works. Waze's servers communicate with phones using an SSL-encrypted connection, a security precaution meant to ensure that Waze's computers are really talking to a Waze app on someone's smartphone. Zhao and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection. Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze's back-end app servers. With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of "ghost cars" -- cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them. You can read the full paper detailing the researchers' findings here. Is there a solution to not being tracked? Yes. If you're a Waze user, you can set the app to invisible mode. However, Waze turns off invisible mode every time you restart the app, so beware.
This wouldn't be a problem if the app wasn't designed to track your whereabouts and broadcast them. I'm not sure I have much sympathy for anyone using the app who is surprised by this, since tracking you and sending your info to others is the app's stated purpose.
I would argue that the point of Waze IS navigation, optimized for real-time conditions.