Can F5 help with the vulnerability in WAZE social-traffic app?

Question

Method: Man-in-the-middle HTTPS Proxy.
Ability: Create ghost cars to receive real driver's location broadcast when driving. Create a fake traffic jam. 
Researchers pointed out WAZE servers did not detect anomaly when in a short period of time, many "cars" were created.&nbsp;
Details of vulnerability: http://fusion.net/story/293157/waze-hack/&nbsp;
Welcome any of your thoughts and insights.
It seems like web security is more obvious and easier to protect than application security/server-to-server communications. &nbsp;

yann_desmarest · Answer

Hello,&nbsp;
From what I understand on the attack, you can use rate limiting feature. You can also mitigate this vulnerability by using the DDoS feature from the ASM module that is anomaly based, source IP based or URL based detection. Or, you can write and deploy an irule that do intelligent rate limiting.&nbsp;

Forum Discussion

Can F5 help with the vulnerability in WAZE social-traffic app?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

Cyberattacks On Embassies, Threat Actor Using ChatGPT To Write Malware, and MMS Vulnerabilities

OWASP Automated Threats - OAT-014 Vulnerability Scanning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS