The Waze community is a very handy way to keep ahead of the traffic, but the app just became a little less friendly, as researchers have found a way to track the location of thousands of users. A team from the University of California Santa Barbara discovered an exploit after reverse engineering Waze’s server code. This took a considerable amount of effort, but eventually allowed the group to issue commands directly to the app’s servers.

The bug allowed the researchers to intercept driver locations and to monitor other drivers around them. To do this, the team was able to create thousands of “ghost drivers” that could monitor all of the drivers around them. The exploit can even be used to create fake traffic jams and feed false traffic information into the system, which would obviously be very frustrating and disruptive to users. It’s worth noting that this type of mass bot exploit isn’t limited to Waze either.

Fortunately, there’s plenty that can be done to keep the bug from affecting you. Using the built-in invisibility mode breaks the exploit, and it also only works when the app is running in foreground mode, as Waze disabled background location sharing back in January. Users can also put a limit on data requests so that one computer can’t create multiple ghost instances to try to track down your location.

The researchers have been in contact with Waze about the issue for a while now and the company has implemented some features to help prevent location tracking. There’s already a “cloaking” system designed to hide your location and Waze says that it is working to fix up the remaining flaws in the system.

There’s no evidence to suggest that this exploit is being actively used for malicious purposes yet, but if it can be done once, it can be done again. Fortunately, the risks of being tracked are pretty low, although it might be best to use those privacy settings where possible.

Source: Android Authority