Google’s Waze Can Allow Hackers to Identify and Track Users

From threatpost.com

Google's Waze Can Allow Hackers to Identify and Track Users

The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.

A security researcher has discovered a vulnerability in Google’s Waze app that can allow hackers to identify people using the popular navigation app and track them by their location.

Security DevOps engineer Peter Gasper discovered an API flaw in the navigation software that allowed him to track the specific movements of nearby drivers in real time and even identify exactly who they are, he revealed in a blog post on his research website, “malgregator.”

Waze uses crowd-sourced info aimed at warning drivers about obstacles that may be in their way of an easy commute–such as traffic congestion, construction, accidents and the like—and then suggests alternative and faster routes around these obstacles. The apps also displays the location of other drivers in close proximity as well as their GPS locations.

Read more…