SANTA BARBARA, Calif. — A vulnerability in a popular navigation app could let hackers track your driving, researchers say.
Fusion reports that a security flaw makes it possible for hackers to ‘create thousands of ‘ghost drivers’ that can monitor the drivers around them,’ according to researchers from the University of California-Santa Barbara. The team, which included computer science professor Ben Zhao and graduate students, demonstrated the vulnerability by tracking other researchers and even Fusion reporter Kashmir Hill.
Hypothethical hack of Waze
‘There was definitely a level of shock or surprise when we first realized this,’ Zhao told WTSP.
The good news? Thanks to a recent update, the app only broadcasts your location if it is running in the foreground, Fusion reports. Users also can set themselves as ‘invisible’ in the app, according to WTSP.
Waze also addressed the claims in a blog post Wednesday, saying that ‘user accounts were not compromised, there was no server breach, and Wazer account data is safe.’
‘The reporter in the article gave her location and username to the research team, which greatly simplified the process of deducing sections of her route after the fact by using a system of ghost riders,’ the post reads. ‘We appreciate the researchers bringing this to our attention and have implemented safeguards in the past 24 hours to address the vulnerability and prevent ghost riders from affecting system behavior and performing similar tracking activities. None of these activities have occurred in real-time and in real-world environments, without knowing participants.’
Read more: This free app blocks IRS scam phone calls