Using the software they built, the students managed to create a traffic jam that lasted for hours and made drivers deviate from their path. Their supervisors informed "Waze" about the attack, detailed the way in which it was carried out and were answered by the vice president for operations that the company is investigating ways to prevent such attacks.
Female students from the Technion created a system that causes the popular navigation software to report on simulated traffic jams. create a simulated traffic jam that lasts for hours and make drivers deviate from their path; Their supervisors at the Technion reported this to "Waze" which is testing ways to prevent further attacks of this type.
Two students from the Technion built, as part of a project at the Faculty of Computer Science, a system that causes the popular navigation software "Waze" to report on simulated traffic jams. Using the software they built, the students managed to create a traffic jam that lasted for hours and made drivers deviate from their path. Their supervisors informed "Waze" about the attack, detailed the way in which it was carried out and were answered by the vice president for operations that the company is investigating ways to prevent such attacks.
The idea for the project came to the mind of doctoral student Nimrod Partosh, when he was stuck in a traffic jam together with his supervisor, Professor Eran Yahav. "It was last summer. I told Eran that if we had made 'Waze', before we set off, report to drivers about a traffic jam on the coastal road, the app would have directed drivers to Route 4 and we would have traveled to Tel Aviv on the coastal road, without traffic jams," he recalled with a smile.
Professor Yahav: "We laughed and the topic didn't come up until the beginning of the winter semester, when I met two outstanding students. I suggested to Nimrod to present the idea to them and let them face this challenge, as a student project."
Nimrod managed to intrigue the two female students, Shir Yadid and Mital Ben Sinai, who are studying at the Technion as part of the prestigious "Peaks" project - the academic reserve's excellence program. Both are studying for a degree in software engineering and are nearing the end of their fourth year of studies. "We didn't know what we were going towards", they say. "Success in the project was not guaranteed, although the idea does not sound innovative, but its implementation is complex, so we are required to invest a lot of time and effort."
Under the guidance of Nimrod and Professor Yahav, they began work. First, write software that allows the automatic creation of simulated "Waze" users, with the entire registration process. The registration of the new "users" was carried out completely automatically using a tool that simulates smart phones on the computer. The two students needed several dozen simulated users to build each stage of the attack, but during the hard work they created thousands of fictitious users for "Waze".
Professor Yahav: "They built a system that knows how to work with the 'Waze' application, register new users automatically and then fake their GPS location, thus simulating the inventions of these users in a certain place."
"We built an application that falsifies a GPS location and makes the system think that the user is traveling in a location of our choice. We were very surprised that 'Waze' treated it", Shir and Mittal laugh.
In the third step, they created a driving pattern that would make "Waze" think that it was a traffic jam. They tried different variations. "This was the most difficult part of the project," they say. "We had to get inside the head of 'Waze'. We did a lot of experiments around the Technion campus in Haifa. We started with the image of a slow and continuous drive, then we added a fast drive before the slow drive and in the last step we added stops at different time points."
Finally they came up with the formula and did manage to create a traffic jam of several hours.
The attack created by the students could have far-reaching consequences, as it could keep drivers away from the toll road and cause it to go bankrupt, or create virtual traffic jams near supermarkets or shopping centers and make customers drive to competitors.
"We believe that following our appeal, 'Waze' will know how to find a way to prevent such attacks," says Nimrod Partosh, who is doing his doctorate in software analysis, under the guidance of Professor Eran Yahav, an expert in software analysis.
Professor Yahav: "I would like to thank our other passengers that summer, who contributed many ideas. In addition to the doctoral student Moti Guri from Ben-Gurion University who offered ideas for defense against the attack, and the National Cyber Headquarters and the Ministry of Science who support this type of research."
9 תגובות
An idea, if a certain party uses foreign servers for sabotage, camouflage, bitcoin mining, etc. Is it possible to charge him for a fee. For harming a person's good name? Or perhaps charging royalties similar to YouTube's rights arrangement. And this if the perpetrator of the damage can be identified.
A certain idea, sometimes different parties use foreign servers. For acts of sabotage, camouflage, bitcoin mining, etc. If it were possible to identify the source of the damage, perhaps it would be possible to charge him a fee. Like YouTube's royalty arrangement, as an example.
L-No, you really took the words out of my keyboard :)
The fact that a "medium technical level at most" is enough to disrupt the system emphasizes the seriousness of the problem. Keep in mind that this was only a demonstration of feasibility, and in the hands of a real vandal with malicious intent, the effect could be more significant.
Oldies
I agree with you.
right on time. As Wiz becomes more popular, it is a target for attacks and biases that have real potential to cause harm. Well done the team at the Technion for raising the level of awareness of all of us about this. Let's just hope that Wiz will take this seriously. It's nice that Prof. Yahav stepped out of the box and pushed such an unusual project.
The action describes vandalism and a medium technical level at most. To "break into" Wiz and thereby disturb a community of drivers "and expose" the system in its hiddenness, consider throwing banana peels in a public garden to show that the cleaner missed. There is no promotion of science here, Turing will probably not turn over in his grave and no points were added to the Technion. This is the kind of prank that is best for teenagers with no cohesive character and excess free time and not for an academic institution.