Waze: Hackers Can't Track You Specifically, So Stop Worrying
Researchers detailed a security vulnerability affecting navigation app Waze this week, and it ignited concerns about potential privacy violations and mass surveillance. Waze has been quick to respond, saying in a lengthy statement today that it has tightened up the vulnerability, but also that concerns were overblown and you shouldn't waste your time worrying. Among other things, the vulnerability wouldn't have allowed anyone to find you specifically.
The Waze users one sees on the map "are minutes old," says Waze, and are merely a "random snapshot of activity" for that particular region. They're meant to make you feel connected and sociable and like the region is up-to-date and thriving, not to show exactly where people are or how many are on the platform. They also let you message others who are where you're heading, possibly getting first-hand info on an area.
The vulnerability let the researchers pepper an area with fake Wazers, making it appear people were on the road, and through those fake Wazers the researchers were able to see the users who were around them. That had limited usefulness, though, because they had no way of knowing who those other Wazers were, nor whether they were actually there at that time or had only been there in the recent past.
"You can always use invisible mode," says Waze, for those who are particularly concerned about being tracked. Turning this on will remove you from the map so that you don't show up as a nearby icon. Ultimately, the company said that you have no reason to worry:
"We appreciate the researchers bringing this to our attention and have implemented safeguards in the past 24 hours to address the vulnerability and prevent ghost riders from affecting system behavior and performing similar tracking activities ... Waze regularly examines the security of our system and we expect to test and implement further security measures as any company does. Public discussion of the details of these safeguards is intentionally limited."
SOURCE: Waze Blog
