University of California – Santa Barbara researchers discovered a vulnerability in Waze, the popular directions app, that allows hackers to track drivers. The research raises interesting themes around the security of social media applications, are you planning to cover the news? Here to comment on this news is Security Expert Deral Heiland.
Comment from Deral Heiland, Research Lead at Rapid7:
An oft-overlooked reality: Waze is a social media style application. This research points out a common concern related to all social media: if we are willing to share personal data — and in this case GPS location — the possibility of that data being abused exists.
Waze shows you other users in close proximity to you and their GPS location. The University of California- Santa Barbara researchers found that once a Waze user was identified, they were able to create and used ghostriders to echo the GPS location of the person they wanted to stalk, enabling the ghostrider to virtually follow the victim around, reporting back their GPS locations. This making this a very novel and potential concerning attack method, which many users of social media tools do not take into consideration when using an application like Waze.
Another important issue revealed in this research relates to the accuracy of the data. The researchers were successful in creating hundreds of fake Waze users, which they use to make it appear that there was a traffic jam. If such data is widely used and trusted, an attacker could leverage it to manipulate traffic patterns. Currently I find this a low risk, but in thinking about the expanding world of automation, and specifically autonomous vehicles, there could be a significant impact over time.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…