Researchers at the University of California – Santa Barbara showed why mobile app security testing is needed for apps outside of the traditional scope of finance and health apps.
Waze, which collects public data to show drivers obstacles such as congestion, accidents, construction, weather problems, and the fastest route around these, is vulnerable to a classic Man-in-the-Middle attack.
The Waze servers' SSL encryption was vulnerable to interception, reverse engineering, and issuing false data to users, such as creating fake drivers or traffic problems. These “ghost riders” were able to mimic the GPS location of a single driver, following drivers and reporting their GPS locations.
Since Waze is a form of social media, sharing a user’s GPS location, it shows how hackers are able to abuse and manipulate that kind of information.
Waze has now updated the app to only broadcast GPS data when the app is in use, instead of keeping it running in the background as was the case on the old version of the app. This kind of hack makes a good case for companies using mobile app security testing to understand what might be a possible threat to companies and their users.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.