RecontuerSG_258
Historic F5 Account
Apr 29, 2016

Can F5 help with the vulnerability in WAZE social-traffic app?

Method: Man-in-the-middle HTTPS proxy. Ability: Create ghost cars to receive real drivers' location broadcasts when driving. Create a fake traffic jam. Researchers pointed out that WAZE servers did not detect an anomaly when many "cars" were created in a short period of time.

 

Details of vulnerability: http://fusion.net/story/293157/waze-hack/

 

Welcome any of your thoughts and insights. It seems like web security is more obvious and easier to protect than application security/server-to-server communications.

 

  • Hello,

    From what I understand of the attack, you can use the rate limiting feature. You can also mitigate this vulnerability by using the DDoS feature from the ASM module, which is anomaly-based, source IP-based or URL-based detection. Or, you can write and deploy an iRule that does intelligent rate limiting.
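
The kind of check the thread is asking for, as an added example that is not part of either post and is not F5 or Waze code: a sliding-window limit on how many *new* client IDs one source may register, written in Python to show the logic rather than as an iRule. The window, threshold, event fields, addresses and IDs are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60      # assumed window length in seconds
MAX_NEW_IDS = 5    # assumed ceiling on new client IDs per source per window


class NewClientLimiter:
    """Sliding-window limit on new client IDs registered per source address."""

    def __init__(self, window_s=WINDOW_S, max_new_ids=MAX_NEW_IDS):
        self.window_s = window_s
        self.max_new_ids = max_new_ids
        self.seen = set()                 # client IDs already accepted
        self.recent = defaultdict(deque)  # source -> timestamps of accepted new IDs

    def allow(self, ts, source, client_id):
        if client_id in self.seen:        # known client: an update, not a registration
            return True
        q = self.recent[source]
        while q and ts - q[0] >= self.window_s:  # expire entries outside the window
            q.popleft()
        if len(q) >= self.max_new_ids:
            return False                  # burst of new IDs: reject or challenge
        q.append(ts)
        self.seen.add(client_id)
        return True


def replay(events, **kw):
    """Run (ts, source, client_id) events through a limiter; return the rejected ones."""
    limiter = NewClientLimiter(**kw)
    return [e for e in sorted(events) if not limiter.allow(*e)]


# Constructed sample traffic (documentation-range addresses, made-up IDs).
SAMPLE = (
    # one source registering a previously unseen ID every 2 seconds
    [(t * 2, "203.0.113.7", f"ghost-{t}") for t in range(12)]
    # an ordinary source: two devices sending repeated updates
    + [(t * 5, "198.51.100.20", f"phone-{t % 2}") for t in range(12)]
    # the first source again, after its window has emptied
    + [(200, "203.0.113.7", "late-1")]
)

if __name__ == "__main__":
    for ts, src, cid in replay(SAMPLE):
        print(f"t={ts:>3}s reject new client {cid} from {src}")
```

Keying on source address alone will also throttle legitimate clients that share a NAT address, so in practice the key and threshold need tuning against real traffic.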