Flaw in Waze Navigation App Lets Hackers Track You

The users of a popular community-based traffic and navigation app could be the targets of stalkers thanks to a vulnerability in the app’s software. But the company says there’s an easy workaround for concerned users.
A team of computer science researchers at the University of California-Santa Barbara recently demonstrated how drivers using the GPS-based Waze could be monitored by hackers. Using a feature of Waze that displays nearby drivers in real time, one driver can get location information about another driver instantaneously, the researchers noted in a study.

Ghost Drivers

In testing the hypothesis, the team built hundreds of fake driver profiles that they used to monitor real Waze profiles and track their locations. They did this by learning how the app communicates with Waze’s backend servers, then using that information to reverse engineer the app’s process. The team then created a software program that could send commands to Waze’s servers, creating a fleet of nonexistent cars that could report the locations of real cars.

The Waze app, which was originally called Freemap, was developed in Israel by a startup company, then acquired by Google in 2013. The program runs on smartphones and tablets with display screens that provide turn-by-turn information and user-submitted travel times and route details over mobile networks. Waze lets users add phone numbers to the registration process to cater to users who prefer sharing their locations with phone book contacts instead of a wider audience.