Users of Google's navigation app Waze seem to be at risk of being followed, as a discovered vulnerability in the app could allow hackers to stalk the users of the app in real-time, a group of researchers from the University of California has found.
The researchers reverse-engineered Waze's server code and discovered that thousands of "ghost drivers" could be created on Waze's systems, which can monitor the real drivers around them. Hackers could even create virtual traffic jams, an exploit to track Waze users in real-time.
The hack only works when the app is in the foreground and users can also not be tracked when in invisibility mode.
The research team had informed Waze of the issues in 2014 and the company said that it responded by implementing a “system of cloaking” which does not show the users’ location on the app consistently or in real time. However, the issue seemed to not have been fully addressed and cited an unnamed "news article" as to having "severe misconceptions about the app.
In a test, it showed that knowing a user’s workplace or home address would already allow for a hacker to track a user’s Waze locations. Waze said the research prompted a change in the company’s privacy safeguards in the last 24 hours.
David Emm, principal security researcher at Kaspersky Lab commented: "Violation of our ‘personal space’ while online is a huge concern. However, the Waze exploit is only a small issue part of a much wider concern – being tracked online. According to the ‘Are you cyber savvy?’ quiz from Kaspersky Lab, 41 per cent of consumers are uncomfortable with websites tracking their location and online activities, yet do nothing about it.
"Our habitual online activities like shopping, chatting, and travelling are all recorded and stored by different services. Online merchants, for example, use consumer browsing data to tailor their ads to suit user preferences. Access counters, web analytics tools and social networks also all constantly watch Internet users, track what they do online, and where they are when they do it."