Google Refutes Claim That Hackers Can Stalk Waze Users

/ 7 years ago


Google has spoken out against claims that hackers are able to stalk users of its Waze GPS navigation system, branding the accusations “severe misconceptions,” and explaining in detail how the app collects, stores, and delivers user data.

On Tuesday, an article from Kashmir Hill of Fusion revealed that University of California-Santa Barbara researchers had found that a vulnerability within the Waze app that allowed them to create fake “ghost drivers” that can then monitor and track Waze users in their vicinity, one of which was Hill herself.

“Here’s how the exploit works,” Hill writes. “Waze’s servers communicate with phones using an SSL encrypted connection, a security precaution meant to ensure that Waze’s computers are really talking to a Waze app on someone’s smartphone. [Ben] Zhao [professor of computer science at UC-Santa Barbara] and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection.”

“Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze’s back-end app servers,” she added. “With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of “ghost cars”—cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them.”

In a blog post yesterday, though, Google refuted the idea that Waze users can be stalked in such a manner, assuring users that “user accounts were not compromised, there was no server breach and Waze account data is safe.”

The post goes on to detail how the system operates, stressing that strangers cannot find and follow other users on Waze, and that the examples used by the researchers were misleading since the people they followed were known by the researchers and that they had consented to their location and username being tracked.

“Nothing is more important than the relationships we’ve built with our drivers,” the Google post concludes, “and we look forward to continuing to build our global community in open conversation with all of you.”

Topics: , , , ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features

Send this to a friend