Using XSS & Google To Find Physical Location
wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar's talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the example he shows) of a user who does no more than visit a malicious website. The technique involves sniffing out the local router, breaking into it to obtain its MAC address, and sending that to Google to extract the router's location from Google's Street View database.
Good news for the anti-fraud workers. (Score:2, Interesting)
Re:Not completely accurate (Score:5, Interesting)
Inputting my friend's router's MAC address on his site (here [samy.pl]) results in a location circle about 3km wide and about 10km away from his house. Close, but not close enough.
Should I be worried that Google knows the correct location for a new WAP which I just turned on about a month ago in a small po-dunk town in the middle of nowhere?
I mean seriously--the town has a population of approximately 10,000. It's hardly Austin or New York. Maybe I just timed it correctly.
Re:Not completely accurate (Score:4, Interesting)
I am pretty sure it is cell phones - I believe [citation needed] that the iPhone (for one) does this as part of the anonymized data sent back to Apple. Google's database is probably kept up to date in a similar fashion.
Let's look at this in more detail... (Score:3, Interesting)
OK, a standard home router has 2 interfaces: one to the WAN (the ISP), the other to the LAN. Each of these has a unique MAC address.
The WAN one is known by the ISP and hopefully is not used in this example, as it would mean he has no clue. (Google would not know it, I hope, as it should only be known if you actually connect.) It could be used for location services to some extent, but the wireless angle would be a red herring.
The other MAC address is for the LAN. You do not need to crack the router to get it as the local machine must have it. Just do an arp -a at a command prompt.
Unless JavaScript is blocked from getting this info. (I do not do JavaScript coding at that level in Windows.)
I also thought Google tossed encrypted packets, so only people who did not care would be vulnerable.
Re:Not completely accurate (Score:5, Interesting)
Worried? Why would you worry about that?
It's public spectrum.
If you want to use it, you gotta play by the rules [gpoaccess.gov], just like everyone else -- including Google*.
If you don't want to, then don't. Nobody's holding a gun to your head and telling you that you must make WiFi available to yourself.
Just turn it off.
Alternatively, take the tinfoil hat off and get over it. This data is useful to folks, and it's all fair game.
For years, now, my first-gen iPod Touch has done a great job of finding where I am using nothing but Wifi signals, even in my own podunk town -- which was useful when I carried it everywhere to complement my (then) lousy cell phone. But by the time I visited Chicago a few months ago, my GPS-capable Droid did a fine job of figuring out where I was with startling accuracy, within a downtown hotel and without a GPS fix.
Meanwhile, I myself have uploaded a few tens-of-thousands of APs with GPS coordinates to Wigle [slashdot.org] during my daily wardriving escapades. I have no idea what gets done with that data, but I do enjoy collecting it, and I like looking at the maps it produces.
But, again. If you don't like the game, then don't play it. The price of copper is down right now, so Cat5e is cheap. So just cable your gear up, and nobody will be able to drive by and map it.
*: IIRC, Google got themselves in trouble recently for accidentally recording Wifi traffic when they thought they were only recording location data. Nobody accused them of this; they admitted it all on their own in a very altruistic fashion. You've got far more devious organizations than Google to worry about, if you're still insistent on wearing that stupid tin foil hat.
Re:Let's look at this in more detail... (Score:3, Interesting)
3. Often the MAC addresses of the internal and external interfaces are either a) identical (yes, I've seen it happen) or b) directly related (i.e. add two to the last byte).