Waze Attacked: Technion Students Create Traffic Jam Cyber Attack On GPS App

By Maya Yarowsky, NoCamels March 25, 2014 Comments

Students from the Technion created a program able to disrupt Waze’s advanced navigation systems, causing it to report fictitious traffic jams that redirected routes on the popular GPS platform. The student’s instructors reported their observations to Waze, which is currently looking into ways to prevent similar cyber attacks in the future.

As part of their studies in computer science at the Technion in Haifa, two students constructed a program capable of disrupting traffic reports provided by the popular navigation service Waze by creating fictitious traffic reports to steer drivers off course. Using the program that they constructed, the students were able to create a traffic jam that continued for hours and forced thousands of drivers to steer clear of their regular routes.

The vice president of Waze operations yesterday said that the company is looking into methods to prevent such attacks.

Related stories:

Doctoral student Nimrod Partush came up with the idea for the project while stuck in traffic one day with one of his instructors, Professor Eran Yahav. “It was last summer. I told Eran that if we were able to cause Waze to report a traffic jam on the Coastal Highway, the application would direct drivers to [the alternate route] Route 4, allowing us to make our way into Tel Aviv on the Coastal Highway without traffic,” said Partush with a smile.

Professor Yahav stated: “We laughed about it and the subject didn’t come up again until the beginning of the winter semester when I met two exceptional students.I suggested to Nimrod that he propose the idea to the students, but to allow them to face the challenge on their own, as part of their studies.”

Partush was able to spark the curiosity of the two young students, Shir Yadid and Maytal Ben Sinai, who currently study in the prestigious Summit program of the Academic Atuda unit of the Israeli Defense Forces, allowing youngsters to pursue academic studies before joining the military.

Creating fictitious Waze users

Under the guidance of Partush and Professor Yahav, the students got to work. They began by writing a program that allowed for the automatic creation of fictitious Waze users in the registration process. They were able to make this process automatic using computer software that simulates the functions of smartphones. The students began by creating dozens of fictitious users in order to build up the strength of the cyber attack, but by the end of the process were responsible for thousands of fabricated “Waze” users flooding the system.

Professor Yahav explains, “They built a program that knows how to work with the Waze application, to sign up new users automatically, and then to forge a fake GPS location in order to simulate the location of a user in a specific place.”

“We created an application that was able to fabricate GPS locations, causing the system to think that a user is traveling in a location that we specified,” said Shir and Maytal with a wry smile.

The third step in tricking the popular and advanced navigation application was simulating traffic patterns that would confuse Waze into thinking there was traffic on a certain route. The two tried a number of different variations until they were able to achieve their goal, “This was the hardest part of the project,” said the students. “We needed to get inside of Waze’s head.”

Potentially severe consequences

In the end, the students were able to get the final version of their program down, causing a fictitious traffic jam for hours upon hours on Israel’s roads.

The cyber attack simulated by the students could have severe consequences on traffic patterns, enabling a user to discourage drivers from using a toll road leading to bankruptcy for the traffic authorities, or to create a fictitious traffic jam near a particular shopping center in order to divert consumers towards a competitor.

“We believe that as a result of report, Waze will be able to find a way to prevent such attacks,” said Partush who is currently completing his doctorate in programming analysis under Prof. Eran Yahav, an expert in the field.

Photo by epSos.de

Load more