Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 6 MINUTES AGO.
You are here: Home / Mobile Security / Waze Flaw Lets Hackers Track You
Flaw in Waze Navigation App Lets Hackers Track You
Flaw in Waze Navigation App Lets Hackers Track You
By Dan Heilman / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
01
2016
The users of a popular community-based traffic and navigation app could be the targets of stalkers thanks to a vulnerability in the app’s software. But the company says there’s an easy workaround for concerned users.

A team of computer science researchers at the University of California-Santa Barbara recently demonstrated how drivers using the GPS-based Waze could be monitored by hackers. Using a feature of Waze that displays nearby drivers in real time, one driver can get location information about another driver instantaneously, the researchers noted in a study.

Ghost Drivers

In testing the hypothesis, the team built hundreds of fake driver profiles that they used to monitor real Waze profiles and track their locations. They did this by learning how the app communicates with Waze’s backend servers, then using that information to reverse engineer the app’s process. The team then created a software program that could send commands to Waze’s servers, creating a fleet of nonexistent cars that could report the locations of real cars.

The Waze app, which was originally called Freemap, was developed in Israel by a startup company, then acquired by Google in 2013. The program runs on smartphones and tablets with display screens that provide turn-by-turn information and user-submitted travel times and route details over mobile networks. Waze lets users add phone numbers to the registration process to cater to users who prefer sharing their locations with phone book contacts instead of a wider audience.

How did Waze feel about the UC-Santa Barbara team’s findings? Not thrilled. On its blog, the Waze team refuted many of the researchers' points. The Waze team explained that there were some extenuating circumstances that made it easier for the researchers to find drivers, including that a local TV reporter gave the researchers her Waze username and starting location.

Waze said that no stranger would give another Waze user that kind of information, and that it’s entirely up to each Waze user how much information it makes available on the platform. "A stranger cannot search for [or] find your Wazer on the map and follow you," Waze said on its blog.

Fixes Created

The exploit found by the UC-Santa Barbara researchers works only when the user’s app is open and active, at which time the app can share the user’s location with other drivers, Waze said. The app can easily be run in the background or set to invisible mode to keep other drivers unaware of the user’s location, according to the company.

The same researchers had previously found that they could track drivers with the app closed and running in the background, but earlier this year Waze issued a fix that stopped background geo-tracking via the app.

Nonetheless, the researchers plan to discuss the exploit and share other details at MobiSys, an international conference dealing with mobile systems, applications and services. The conference is planned for Singapore in June.

Image Credit: Screenshot via Waze blog.

May Interest You:

New cars come equipped with safety systems. But how about all the other cars that are more than a year old? No worries... There are plenty of car safety features that are available, affordably, for ALL cars, not just new ones.

See products that are available for YOUR car at: Make My Car Safe, the premium online seller of car safety products for ALL cars.


Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN MOBILE SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.