Hacked GPS Apps Could Cause Traffic Jams: Report

A new study has found that hackers have the ability to cause real-time traffic jams, even in areas many miles from their location. The threat could affect the millions of people who rely on global positioning systems.

Among the most prolific systems targeted by hackers is Google Maps, a service that offers turn-by-turn navigation using information from a mobile phone to analyze real-time traffic data.

All location information sent to the individual is secured by a TLS (Transport Layer Security) system to protect the integrity of the data and make it impossible for a hacker to orchestrate an attack before being detected by Google. (Source: computerworld.com)

But according to Tobias Jeske, a doctoral student at the Institute for Security in Distributed Applications at the Hamburg University of Technology, TLS is powerless if a hacker attacks before the TLS system can be initiated.

Man-In-The-Middle Attack Determines Vulnerability

To demonstrate his theory, Jeske performed a man-in-the-middle attack on an Android 4.0.4 smartphone. In a nutshell, a man-in-the-middle attack is a form of eavesdropping whereby a hacker relays messages between legitimate machines (such as computers and mobile devices).

And while it would appear as if information is being transmitted via a private connection, in actuality all communications between the machines is being controlled by the hacker.

Following his experiment, Jeske discovered that the attacker can send false information without detection.

However, it was determined that for a hacker to really influence traffic flow in a given area, a substantial number of Google Maps users need to be using the service at about the same time and heading towards the same area.

Nevertheless, it is still unnerving that an individual is able to send out false traffic information without the fear of detection.

Fresh Updates Could Combat Problems

Security experts say that firms will need to adjust to the threat by protecting their systems with advanced security measures.

For example, software firms that produce navigation apps can prevent problems by linking location information to a one-time authentication system that is time stamped and limited to a fixed amount of time.

In other words, these companies would need to indicate when their information was posted and be mindful to constantly update traffic status in these areas. (Source: networkworld.com)