Your IT Consultant

Researchers Can Track Waze Drivers and Create Fake Traffic

April 28, 2016

Waze is a Google app that uses crowdsourcing to determine and display traffic events. I've seen my sons use it as a "radar detector" type app since actual radar detectors are illegal in Virginia. Unfortunately, Waze is not very secure as was reported by Softpedia, which described Waze as "The Waze app works by sending the user's geographical coordinates and other details to Google's servers. This information is then aggregated and presented to all nearby users as traffic status reports, allowing users to choose, or have the app calculate the shortest route to a destination by automatically avoiding congested areas."

Researchers put a HTTPS proxy server between the Waze client and Google servers. As a result, they were able to decrypt the communications and reverse engineer the Waze protocol. They were then able to actually track Waze users and inject false traffic to make it appear as if there is a traffic jam, accident or some other traffic related event. Google has fixed some of the researchers' discoveries, but not all of them. I think I'll just stick to my trusty built-in GPS and not worry about some fancy smartphone app.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com