Israeli students can cause fake traffic jams on popular Waze map app

Pierluigi Paganini April 05, 2014

Two Israeli students at Technion-Israel Institute of Technology were able to cause traffic jams hacking the popular navigation app Waze for a school project.

In many films we have seen bad hackers who were able to cause Traffic Jams causing death and destruction, this was possible because filmmakers are aware of the high penetration level in our ordinary life. Think to the paradigm of Internet of Things or the were able devices, humans are being nodes of a global network and who will control it will control the world.

Is it possible to cause traffic jams with a cyber attack? The reply is yes, it’s hard, but not impossible.

I desire to share with you this curious news, hackers can cause traffic jams just deceiving your navigation Smartphone application. It’s interesting to note that the attackers were able to cause traffic jams without interfering with any infrastructure neither hacking the traffic light systems.

Shir Yadid and Meital Ben-Sinai, two Israeli students at Technion-Israel Institute of Technology, demonstrated that it is possible hacking a popular navigation app.

The news was reported by the journal Haaretz, The two students were assigned by college to hack Google-owned Waze GPS app, it is a popular mobile application that provides indications and useful information on the status of the traffic, including alerts on traffic jams and accidents.

Waze-Social-GPS-Maps Traffic jams

Waze navigation app is widely used in Israel, recently Google acquired the firm for $1 billion.

The students created an application was able to introduce in the navigation application Waze information to case the reporting of fake traffic jams. Of course they used a demo simulator to launch the cyber attack, the experiment succeeded in demonstrating that a bad actor could cause traffic jams inoculating fake information in any similar app.

The strategy adopted by the students is quite simple, similar to the one I proposed years ago to poison social networks, they registered thousands of fake Waze users using bogus GPS coordinates.

The positions assigned to each fake profile are interpreted by the navigation application that when note a great number  of users in the same place trigger an alert for a traffic jam with obvious consequences. 

The attackers could deliberately raise the alerts for traffic jams in different areas of a city, causing the traffic direction to roads non so crawled, in reality the entire traffic will be hijacked in the same place causing the traffic congestions.
The students have already informed Waze of the attack, providing the results of the experiments to the Waze company.

Pierluigi Paganini

(Security Affairs – Traffic jams, Waze)



you might also like

leave a comment