Google’s Waze Can Allow Hackers to Identify and Track Users
2020-10-20 10:48

A security researcher has discovered a vulnerability in Google's Waze app that can allow hackers to identify people using the popular navigation app and track them by their location.

Gasper reported the latest Waze bug to Google last December, was awarded a bug bounty of $1,337 from Google's Vulnerability Reward Program in January 2020, and disclosed the flaw publicly in August.

Inspired by a research paper published in 2013 that claimed that only four spatio-temporal points are enough to uniquely identify 95 percent of people, Gasper said he decided to go a step further to try to identify with specificity the drivers he was able to track within Waze.

He started with his own ID and used only the Waze map, discovering that in a low-density area, he could track his own ID by monitoring his own location.

Realizing this would not scale for multiple users, he dug deeper and found "another privacy leak" that would allow hackers to identify a broader range of specific drivers using Waze.


News URL

https://threatpost.com/googles-waze-track-users/160332/