Latest in Gear

Image credit:

Waze hack lets creeps track your driving

It creates thousands of ghost drivers that pinpoint your location.
Jon Fingas, @jonfingas
April 26, 2016
Share
Tweet
Share

Sponsored Links

Waze's community-centric navigation is supposed to help you avoid obstacles that other apps might miss, but that same technology is also creating some serious privacy issues. UC Santa Barbara researchers speaking to Fusion have found an exploit that would let an intruder track your driving in real time. After reverse-engineering Waze's server code, the researchers found that they could create thousands of ghost drivers that monitor the real drivers around them -- they can even create virtual traffic jams. The trick only works when you have the app in the foreground (Waze turned off background location sharing in January) and breaks when you turn on the invisibility mode, but that's not going to be much comfort to drivers running the app non-stop during their commutes.

The team has been in touch with Waze about this issue for a while, and the Google-owned firm says it already tackled "some" of the concerns through some privacy protections. For instance, there's a "cloaking" system that's supposed to mask your actual location. However, it doesn't appear to be all that effective -- in a Fusion test, the UCSB group could trace a writer's journey in detail. Moreover, this exploit isn't limited to Waze. You could wreck a dating app by creating legions of robotic romantics, among other examples.

Waze is aware of the remaining flaws and hopes to fix them. Right now, one of the best options may simply be to put a limit on data requests so that one computer can't create a fleet of fake cars. And there isn't that much risk that you'll be tracked, since any would-be snoop will need a general idea of where you go to get started. If you're at all concerned that someone might want to study your movements, though, you'll want to either use that invisible mode religiously or use another app to get from A to B.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
SpaceX scales back plans for Starship's first high-altitude flight

SpaceX scales back plans for Starship's first high-altitude flight

View
Sony WF-1000XM3 review: Simply the best true wireless earbuds

Sony WF-1000XM3 review: Simply the best true wireless earbuds

View
US slaps trade restrictions on China's top chipmaker

US slaps trade restrictions on China's top chipmaker

View
The best wireless workout headphones

The best wireless workout headphones

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr