It's a given that if you're driving, you or someone you know has Waze as a go-to on their smartphone. The Google-owned crowdsourced navigation app is one of the best for avoiding traffic, roadblocks, and even cops.
But a new academic study and report from Fusion suggest that using Waze leaves you at the mercy of hackers that can track your every move.
Researchers at the University of California Santa Barbara found a flaw in Waze that allows someone to bypass the SSL encryption the app uses to communicate information. From that data they were able to figure out how Waze tracks cars and copy Waze's protocols to make a slew of "ghost drivers."
These fake drivers than then shadow a given user, and collect information on that person's movements in real time.
After the hack came to light, Kashmir Hill at Fusion worked with the researchers to test it out, demonstrating just how effective this exploit is.
The research team's ghost drivers were able to track Hill's movements over the course of several days. "The researchers sent me their tracking minutes after my trips, with accurate time stamps for each of my locations," Hill wrote. The hack only worked while she was running Waze in the foreground of the phone, though many drivers keep the navigation app up and running while on the road.
The hack works by exploiting one of Waze's key elements: information collected from drivers. This data, collected from public users, is one major reason Waze is so effective at analyzing traffic patterns.
Luckily, thwarting this hack is as easy as setting your Waze profile to invisible. To "go invisible," tap the icon on the bottom-left, then on your name, and toggle on the feature. You have to do this every time you restart the app, though, so it's pretty annoying.
Waze says they are working on a fix to the vulnerability.
For now, Waze users can protect their information in two ways. First, make sure their app is updated, as a January update blocked the app from broadcasting your location as it ran in the background.
Second, use the "invisible" mode.