Creepy stalkers are almost synonymous with social media these days, and Waze is no exception. The Google owned one-of-a-kind community navigation app has millions of users, who work together to offer the safest and fastest routes from point A to B. But the journey just got a little bumpy for Waze, as the latest research from University of California –Santa Barbara shows.
The research team has discovered a way to exploit code the app's code and pinpoint the location of a user by creating thousands of virtual users. By exploiting this bug, “ghost drivers” can be used to monitor other users around them, and intercept the location of real users. The vulnerability of the Waze app can also be used to feed false information into the system and create fake traffic jams, which pretty much defeats the entire purpose of the app.
While the privacy problem is massive, as Ben Zhao, professor leading the research suggests, it takes very little to patch things up. The simplest way to fix the “stalker bug
” is to enable invisibility mode, which breaks the exploit and renders it useless. Moreover, the exploit only works when the app is running in foreground mode, so no one can use the hack against you when you aren’t actively using the app.
Back in January, Waze disabled background location sharing, and the firm is also working on closing up the tiny loophole which makes the exploit possible. Developers at Waze are already working on a system designed to “cloak” the user’s location, and since there is no evidence that the loophole is being used for any malicious activities yet, you can take off your tinfoil hat for now.
While the exploit offers controllable damage on Waze, the bug itself could wreak havoc on other social apps. Creating thousands of virtual users and flooding dating apps is one among many other ways for hackers to destroy the experience for users. While Waze is working on fixing the exploit, be sure you enable the invisibility mode and stay safe on/off the road.
Image source: engadget.com