Your location and info when traveling around the city is one of the things that should be protected, among other things. But what if the app that you’re using to help you get to a place easier is the one that is unwittingly letting other nefarious entities know your whereabouts and itinerary. A group of researchers form the University of California, Santa Barbara said that they have discovered a vulnerability within the Waze app that may let the government, your stalker, or hackers monitor your travels.
Computer science professor Ben Zhao, who led the research team, said that this thing they have uncovered is a “massive privacy problem” if fully exploited. They created a middle-man system that was able to access the communication between the Waze app and a user’s smartphone. They put up “ghost drivers” and these were able to monitor the real drivers that were using the app. So this basically means that anyone who wanted to follow you or see where you’re going can do so just by exploiting this vulnerability.
Aside from the obvious violation of privacy implications, this also means that anyone can create “ghost cars” and then place them in areas just to trigger a high volume of traffic in that area, for one reason or another. That is the disadvantage of having a crowd-sourced service with social features, which is basically how Waze gathers information to guide us on our way. But if someone is able to manufacture these fake cars, then it will be hard to trust the information we get from the app.
The researchers have already informed Google’s security team about this vulnerability. Let’s hope they act fast or else the app’s reputation will be on the line, not to mention all the possible bad things that can happen when information falls into the wrong hands.
VIA: SlashGear
