waze
Google has spoken out against claims that hackers are able to stalk users of its Waze GPS navigation system, branding the accusations “severe misconceptions,” and explaining in detail how the app collects, stores, and delivers user data.
On Tuesday, an article from Kashmir Hill of Fusion revealed that University of California-Santa Barbara researchers had found that a vulnerability within the Waze app that allowed them to create fake “ghost drivers” that can then monitor and track Waze users in their vicinity, one of which was Hill herself.
“Here’s how the exploit works,” Hill writes. “Waze’s servers communicate with phones using an SSL encrypted connection, a security precaution meant to ensure that Waze’s computers are really talking to a Waze app on someone’s smartphone. [Ben] Zhao [professor of computer science at UC-Santa Barbara] and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection.”
“Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze’s back-end app servers,” she added. “With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of “ghost cars”—cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them.”
In a blog post yesterday, though, Google refuted the idea that Waze users can be stalked in such a manner, assuring users that “user accounts were not compromised, there was no server breach and Waze account data is safe.”
The post goes on to detail how the system operates, stressing that strangers cannot find and follow other users on Waze, and that the examples used by the researchers were misleading since the people they followed were known by the researchers and that they had consented to their location and username being tracked.
“Nothing is more important than the relationships we’ve built with our drivers,” the Google post concludes, “and we look forward to continuing to build our global community in open conversation with all of you.”
The NZXT Lift 2 is an symmetrical mouse that goes the distance. Its lightweight design…
The MAG B650 TOMAHAWK WIFI is a gaming oriented ATX motherboard constructed around the latest…
Experience incredible performance, visuals, and efficiency when gaming and streaming with the AMD Radeon™ RX…
Welcome to the new era of performance. AMD Ryzen 7000 Series ushers in the speed…
Take a step into the future with the Z790 Gaming Plus Wifi motherboard, designed and…
The 990 EVO offers enhanced sequential read/write speeds up to 5,000/4,200 MB/s, and random read/write…