Waze mapping software has a vehicle tracking vulnerability
April 29, 2016
Shah Sheikh (1294 articles)

Waze mapping software has a vehicle tracking vulnerability

Waze has a vulnerability that could allow a ghost vehicle to track the movements of other vehicles on the network, according to researchers at the University of California, Santa Barbara.

The researchers, mostly chaps called Wang, published their findings in a lengthy paper with the title Defending against Sybil Devices in Crowdsourced Mapping Services(PDF).

“Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic,” they wrote.

“More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection.”

Waze has taken offence to this accusation and posted a response to suggestions in the press about the impact of Sybil on its users.

“Today we received questions about a research report and subsequent news article which claimed that Wazer privacy could be compromised and users could be followed if a hacker exploited our network,” Waze said in a blog post.

“The Waze ecosystem is built on trust and deep respect for all of you. Real-time traffic [information] simply doesn’t work without the participation of our community, and we constantly review and add safeguards to protect our users.

“Please read further as we address a few severe misconceptions from related news coverage and explain how Waze thinks about privacy.”

We did and can confirm that the post does make an attempt to address the concerns. The firm thanked the researchers for some of the information all the same.

“We appreciate the researchers bringing this to our attention and have implemented safeguards in the past 24 hours to address the vulnerability and prevent ghost riders affecting system behaviour and performing similar tracking activities,” Waze said.

“None of these activities have occurred in real time and in real-world environments, without knowing participants.”

Source | Inquirer