Earlier this week researchers from the University of California, Santa Barbara, led by professor of computer science, Ben Zhao, have discovered a vulnerability in Waze which could technically allow hackers to track a Waze user / driver and create fake traffic jams using “ghost drivers”. Waze has now addressed the issue, confirming that safeguards have been implemented “in the past 24 hours” to address the problem and “prevent ghost drivers from affecting system behavior”.
A couple of days ago a report came out revealing a vulnerability in the Waze system. The researchers were able to exploit the system and track a reporter for Fusion as she drove through San Francisco and Las Vegas. The team was even able to create a fake traffic jam in a remote area every morning between 2 am – 5 am for two weeks. Of course, the reporter allowed the researchers to track her and provided them with her username as well as her location, which made it possible for the researchers to easily track her driving habits using the “ghost drivers” exploit. However, according to Waze, exploiting the system in real time without having a diver’s username is not something easily achieved, and thus, Waze users should rest easy knowing that hackers can’t simply track any driver at any time. “We appreciate the researchers bringing this to our attention” Waze added in the press release, confirming that certain safeguards have already been set in place “in the past 24 hours” to address the vulnerability. The company added that the vulnerability was exploited in a controlled environment, and has never occurred in real-time and real-world scenarios.
In addition, Waze reminds its customers that they can choose how much information they want to share. For an extra layer of security, Wazers can always enable invisible mode, which will prevent their icon from showing on the map. However, the downside of enabling invisible mode is that users will appear offline to every other Waze user, including their friends. Furthermore, invisible mode users are not able to add, edit places, or send reports, so the service becomes rather limited. Keep in mind that invisible mode needs to be re-enabled each time you open Waze.