By B.N. Frank
Cyberattacks can lead to drastic consequences no matter who or what is targeted – businesses (see 1, 2), community governments, hospitals (see 1, 2), medical devices, personal devices (see 1, 2, 3, 4, 5, 6), security systems, utility grids (see 1, 2, 3), and/or utility “Smart” Meters. Hackers can also set devices on fire!
Recently it’s been reported that Google’s Waze App is also vulnerable to hackers who collect information on users and nearby drivers as well.
From Threat Post:
Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location.
Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track the specific movements of nearby drivers in real time and even identify exactly who they are, he revealed in a blog post on his research website, “malgregator.”
Waze uses crowd-sourced info aimed at warning drivers about obstacles that may be in their way of an easy commute–such as traffic congestion, construction, accidents and the like—and then suggests alternative and faster routes around these obstacles. The apps also displays the location of other drivers in close proximity as well as their GPS locations.
Gasper reported the latest Waze bug to Google last December and was rewarded a bug bounty of $1,337 from Google’s Vulnerability Reward Program in January 2020, disclosing the flaw publicly in August. The company said it already has patched the flaw.
Gasper said his research began innocently enough when he realized he could visit Waze from any web browser at at waze.com/livemap and decided to see how the app implemented the icons of other drivers nearby. He discovered that not only does Waze send him the coordinates of other nearby drivers, but also that the “identification numbers (ID) associated with the icons were not changing over time,” Gasper observed in his post.
Warnings about ALL wireless, “Smart,” and Internet of Things (IoT) devices being vulnerable to cyberattacks and hacking are NOT new. Privacy violations by product manufacturers and software providers themselves – including Google (see 1, 2, 3, 4) – are also frequently reported.
Activist Post Recommended Book: The Age of Surveillance Capitalism
Before navigation apps, most drivers used to listen to the radio for traffic alerts and reference paper maps for alternative routes. That’s still an option – a much less creepy option.
Activist Post reports regularly about unsafe technology. For more information, visit our archives.
Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.