A recent report showed that Waze usere are being vulnerable to stalking via an exploit, but Waze now explains that the danger can be easily circumvented.
A team of UC Santa Barbara researchers conducted a study that demonstrated how Waze drivers could be monitored by crafty hackers. Computer science professor Ben Zhao was part of the team that unveiled the security flaw.
"There was definitely a level of shock or surprise when we first realized this," Zhao declared for WTSP.
The team made use of the Waze feature that displays nearby users in real-time, proving that the data drivers get about others is instantaneous. Among other tests, the researchers built hundreds of fake driver profiles which are able to monitor a given real profile and track its location.
The researchers learned how the app communicates with its back-end servers and used the information to reverse-engineer the modus operandi of Waze. After that, the team crafted a software that prompted Waze servers with commands, virtually creating a huge number of "ghost cars" which reported on the position of real drivers.
Waze retorted to the report with a point by point statement on its official blog.
The company explains that the researchers could pinpoint the location of reporter Kashmir Hill thanks to her cooperation in the experiment. The reporter offered the research team both her username and starting location, which gave the researches a good deal of initial information. This is the type of information a stranger will never have on you, Waze underlines.
"A stranger cannot search for / find your Wazer on the map and follow you," Waze points out.
The exploit works only when your app is open and active. Waze receives your location and shares it with fellow drivers...but you already knew that was the premise when you downloaded the app, right? One easy way to go around and avoid any type of stalking is to enable the "invisible mode," but somehow we suppose that any privacy-conscious user will take that as its first step.
The company emphasizes that it is up to each Wazer how much information it makes available on the platform.
"Wazers choose how much or how little information they give," says the company.
The team of researchers will talk about the exploit and other details will be shared at the MobiSys in June.
"Waze regularly examines the security of our system and we expect to test and implement further security measures as any company does," the company notes.
Waze further notes that it pays close attention to the users' requests. That is why the app allows you to add phone numbers to the registration process, as people said that they prefer sharing their location with phone book contacts as opposed to Facebook friends. The addition of "real world" friends is an example of Waze's commitment to "continuing to build our global community."
Waze made clear that the experiment took place in a controlled and safe environment, and all client data remained safe and uncompromised.
"Nothing is more important than the relationships we've built with our drivers," Waze concludes.
Should you consider switching from Waze to another driving assistant app, check out this compare and contrast with Google Maps.