Explore the security implications of real-time traffic data in navigation systems through this Black Hat EU 2013 conference talk. Delve into the potential privacy risks associated with smartphone-based floating car data used by services like Google Navigation and Waze. Examine the extent of user tracking capabilities and the global localization of wireless access points. Investigate the authenticity of traffic data and learn about practical demonstrations of hacker-controlled navigation systems. Discover a proposed protocol designed to prevent such attacks while preserving user privacy, complete with implementation details and benchmark results across various hardware platforms.
Overview
Syllabus
Intro
Agenda
Google Live Traffic
Google Protocol
MASF Request Message
MASF Response Message
Protocol Buffers Payload (Request)
Protocol Buffers Payload (Response)
Waze Protocol
Google / Waze, GPS on / WiFi on
Authenticity / Attack
Network Location Provider Protocol
Requirements
Zero-Knowledge Proof of Knowledge
"Get Dispenser"-Protocol (simplified)
"Submission"-Protocol (simplified)
Benchmark Results
Discussion
Conclusion
Taught by
Black Hat
