Categories: Hacking

Israeli students can cause fake traffic jams on popular Waze map app

Two Israeli students at Technion-Israel Institute of Technology were able to cause traffic jams hacking the popular navigation app Waze for a school project.

In many films we have seen bad hackers who were able to cause Traffic Jams causing death and destruction, this was possible because filmmakers are aware of the high penetration level in our ordinary life. Think to the paradigm of Internet of Things or the were able devices, humans are being nodes of a global network and who will control it will control the world.

Is it possible to cause traffic jams with a cyber attack? The reply is yes, it’s hard, but not impossible.

I desire to share with you this curious news, hackers can cause traffic jams just deceiving your navigation Smartphone application. It’s interesting to note that the attackers were able to cause traffic jams without interfering with any infrastructure neither hacking the traffic light systems.

Shir Yadid and Meital Ben-Sinai, two Israeli students at Technion-Israel Institute of Technology, demonstrated that it is possible hacking a popular navigation app.

The news was reported by the journal Haaretz, The two students were assigned by college to hack Google-owned Waze GPS app, it is a popular mobile application that provides indications and useful information on the status of the traffic, including alerts on traffic jams and accidents.

Waze navigation app is widely used in Israel, recently Google acquired the firm for $1 billion.

The students created an application was able to introduce in the navigation application Waze information to case the reporting of fake traffic jams. Of course they used a demo simulator to launch the cyber attack, the experiment succeeded in demonstrating that a bad actor could cause traffic jams inoculating fake information in any similar app.

The strategy adopted by the students is quite simple, similar to the one I proposed years ago to poison social networks, they registered thousands of fake Waze users using bogus GPS coordinates.

The positions assigned to each fake profile are interpreted by the navigation application that when note a great number of users in the same place trigger an alert for a traffic jam with obvious consequences.

The attackers could deliberately raise the alerts for traffic jams in different areas of a city, causing the traffic direction to roads non so crawled, in reality the entire traffic will be hijacked in the same place causing the traffic congestions.

The students have already informed Waze of the attack, providing the results of the experiments to the Waze company.

Pierluigi Paganini

(Security Affairs – Traffic jams, Waze)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.