Waze app can be hacked to display fake traffic jams

10:00 ET, 7 April 2014

Two Israeli students at Technion-Israel Institute of Technology were able to cause traffic jams hacking the popular navigation app Waze for a school project.

In many films we have seen bad hackers who were able to cause Traffic Jams causing death and destruction, this was possible because filmmakers are aware of the high penetration level in our ordinary life. Think to the paradigm of Internet of Things or the were able devices, humans are being nodes of a global network and who will control it will control the world. Is it possible to cause traffic jams with a cyber attack? The reply is yes, it’s hard, but not impossible. I desire to share with you this curious news, hackers can cause traffic jams just deceiving your navigation Smartphone application. It’s interesting to note that the attackers were able to cause traffic jams without interfering with any infrastructure neither hacking the traffic light systems. Shir Yadid and Meital Ben-Sinai, two Israeli students at Technion-Israel Institute of Technology, demonstrated that it is possible hacking a popular navigation app. The news was reported by the journal Haaretz, The two students were assigned by college to hack Google-owned Waze GPS app, it is a popular mobile application that provides indications and useful information on the status of the traffic, including alerts on traffic jams and accidents.

w1

Waze navigation app is widely used in Israel, recently Google acquired the firm for $1 billion. The students created an application was able to introduce in the navigation application Waze information to case the reporting of fake traffic jams. Of course they used a demo simulator to launch the cyber attack, the experiment succeeded in demonstrating that a bad actor could cause traffic jams inoculating fake information in any similar app. The strategy adopted by the students is quite simple, similar to the one I proposed years ago to poison social networks, they registered thousands of fake Waze users using bogus GPS coordinates. The positions assigned to each fake profile are interpreted by the navigation application that when note a great number  of users in the same place trigger an alert for a traffic jam with obvious consequences.

The attackers could deliberately raise the alerts for traffic jams in different areas of a city, causing the traffic direction to roads non so crawled, in reality the entire traffic will be hijacked in the same place causing the traffic congestions.

The students have already informed Waze of the attack, providing the results of the experiments to the Waze company.

Pierluigi Paganini

(Editor-In-Chief, CDM)
rsa-logo

 

 

 

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Are you maximizing your digital transformation investments with modernized app onboarding? Mobile App APIs Are Crucial to Businesses – But Are Under-Protected WordPress Security Explained – Reduce the Risk of Being Hacked by 82%
April 7, 2014

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X