acm-header
Sign In

Communications of the ACM

ACM TechNews

Security Breach in Israeli-Made Waze Lets Hackers Stalk ­sers


View as: Print Mobile App Share:
Screen capture of a Waze video clip illustrating the thinking behind the application.

Researchers at the University of California, Santa Barbara have determined a way to breach the Waze road navigation application.

Credit: Waze

University of California, Santa Barbara professor Ben Zhao and colleagues have demonstrated a way to breach the popular Waze road navigation application.

The researchers were able to reverse-engineer the coding Waze uses to communicate with users' cellphones by diverting the phone running the app and making it communicate directly with their own computers. The team used the code to write software that could send instructions to the Waze servers, filling the system with virtual "ghost cars," which could be used to create fake traffic jams or monitor real drivers located around the virtual vehicles.

Waze issued an update after receiving a warning from the team in 2014, but the researchers say they were still able to track users. "Anyone could be doing this [tracking Waze users] right now," Zhao says. "It's really hard to detect."

Waze has an estimated 50 million users worldwide, and Zhao also warns the method could be used on other social networking apps that rely on users sharing information. "It's a massive privacy problem," Zhao says.

Waze users who select the option of going "invisible" are not vulnerable to the attack.

From The Times of Israel
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account