Traffic control: The man in the middle

May 13th, 2013 by admin

Data sent by GPS applications such as Google Maps and Waze can be altered, and in this way the navigation routes of other drivers can be controlled and even traffic jams caused. That is, if hackers were interested in doing so, they would be able to affect the real-time traffic picture in order to trick users into travelling to the busiest traffic centers rather than the open road, or to any route or spot they desire.

Both applications allow users to navigate using information obtained from their own devices, along with other devices currently on the road, and analyze the real-time traffic in order to offer the ideal route. But it is at just this point that hackers can cause damage and change the route, anonymously and without being discovered by the applications, and persuade users to take completely different routes than they should.

Those apps use the GPS sensors and Wi-Fi in smartphones in order to track the location of the user. If only Wi-Fi is enabled, the only information available is about the wireless access points and the radio cells around the user, which helps calculate the approximate location. Google, for its part, uses real-time traffic information that is sent using the TLS protocol (Transport Layer Security), designed to send the user's location in a protected and secure mode.

While the protocol itself ensures the reliability of the data in transit, which makes it impossible to attack or monitor the phone without Google's notice, there is a workaround that allows controlling the data itself. This is called a 'man-in-the-middle' attack. We used Android 4.0.4: placing the hack just before the security protocol is applied makes it possible to control the information sent from the smartphone without being detected by Google.

Google receives the information from the device without approval or a check of the user's current location, and that is how it is possible to change the driving route to and from any point in the world.

Obviously, in order to have a significant impact on the traffic, you have to create a large number of different users.

A similar attack can be applied to Waze, but with this application it is much more difficult to affect drivers and the navigation process, since the app connects the user's location with an account. Thus, an attacker who wants to change the traffic by simulating more vehicles would need to create multiple accounts with different email addresses.

Companies that offer navigation applications can avoid these attacks by linking the information about the user's current location to a one-time approval that is cataloged by the hour and limited in time. In this way, applications can limit the maximum amount of information sent or received by any device, and thereby effectively add another layer of security to their internal systems.
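A minimal server-side sketch of that mitigation, added here as an illustration and not taken from Google, Waze, or the original research: each location report must carry a one-time, time-limited approval token, and the server caps the number of reports it accepts per device. The function names, the token layout, the one-hour lifetime, and the per-device cap are all assumptions made for the example.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: key held only by the server
TOKEN_TTL = 3600                       # assumption: approvals are valid for one hour
MAX_REPORTS_PER_WINDOW = 60            # assumption: per-device cap per hourly window

_used_nonces = set()                   # one-time use: nonces already redeemed
_report_counts = {}                    # (device_id, hour window) -> accepted reports


def issue_token(device_id, now=None):
    """Issue a one-time, time-limited approval bound to one device."""
    now = int(time.time() if now is None else now)
    body = f"{device_id}|{now + TOKEN_TTL}|{secrets.token_hex(16)}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


def accept_report(device_id, token, lat, lon, now=None):
    """Return (accepted, reason) for a location report carrying a token."""
    now = int(time.time() if now is None else now)
    try:
        tok_device, expiry, nonce, tag = token.split("|")
        expiry = int(expiry)
    except ValueError:
        return False, "malformed token"
    body = f"{tok_device}|{expiry}|{nonce}"
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "bad signature"
    if tok_device != device_id:
        return False, "token bound to another device"
    if now > expiry:
        return False, "token expired"
    if nonce in _used_nonces:
        return False, "token already used"
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return False, "invalid coordinates"
    window = (device_id, now // TOKEN_TTL)
    if _report_counts.get(window, 0) >= MAX_REPORTS_PER_WINDOW:
        return False, "rate limit exceeded"
    _used_nonces.add(nonce)             # redeem the approval exactly once
    _report_counts[window] = _report_counts.get(window, 0) + 1
    return True, "ok"
```

The sketch keeps its state in memory; a real service would persist redeemed nonces and counters, and would gate `issue_token` behind whatever device or account verification it already has.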

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
