Locate Any WiFi Router By Its MAC Address

coderrr writes "SkyHook Wireless has been wardriving the US for years creating a huge database mapping wireless routers' MAC addresses to their physical locations. They provide an minimally documented API (docs here) which allows anyone to query the database directly for any MAC address. This could potentially allow some malicious individual to find out exactly where you live. Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack... Imagine if you got a phishing email that included your home address."

Security

This is exactly why it's a *good* idea to steal internet access from the neighbors.

Re:Security

[cant_get_a_good_nick]

My niece asked me this, should she jump on someone elses WiFi, but this happened right after the big kerfuffle about the DNS hack.

You realize that you're giving all your data and control over to a machine that you don't control. You hope that it's open because the person is either an idiot or a good guy, but you have no evidence of either at that point. Even something as simple as checking your mail might give people access to your inbox, and all the 'password reset' notices you get.

Re:Security

[novakreo]

You realize that you're giving all your data and control over to a machine that you don't control.

Isn't that what you already do with your own ISP? How do you know that some bored guy there isn't already eavesdropping on your data? Or even someone at your ISP's upstream provider?

Quick!

Someone tell San Francisco!

Legality of this

[ilovesymbian]

Er, isn't it illegal to wardrive in some states [Florida] in the first place?

And then putting out the MAC address publicly, like finding someone's SSN and posting it publicly. Oh, I guess its the owner's fault for not securing it.

Re:Legality of this

[creepynut]

Unless I am mistaken, securing a wireless router does not stop anyone from seeing its MAC address.

Re:Legality of this

Comparing an SSN to a MAC? *Chuckles*

Re:Legality of this

[grayn0de]

Only when the person is too much of a poser to not find the hidden SSID. Not everyone knows how, though it is incredibly simple. That is the reason why we have security through obscurity, to begin with. Also, to comment on the topic, it does not take social engineering to find the MAC address for a router. Almost every stumbler does that, by default, out of the box. Many will show that there is a hidden SSID, but they may still show the MAC address. Even if they don't, the SSID can be found and the router cracked.

Re:Legality of this

[creepynut]

I should have been more specific, by "securing" I meant encryption. As far as I know, even using WPA won't encrypt any MAC addresses.

Pulling open Network Stumbler is evidence of this, it will show all networks, with the router MAC. It will show hidden networks, just without the SSID (which can be found by other means anyway). I

Re:Legality of this

[Sethb]

Yep, there's even a company called Navizon that's building a competing service to Skyhook, yet they pay individuals to collect the MAC addresses (as well as Cell tower IDs) with their GPS-equipped devices, so that those without GPS can still obtain their location. It integrates with the new Fire Eagle software/service from Yahoo too.

Here's a link (with my referral code inserted): Navizon

Skyhook has zero data in the city I live in, though I did eventually figure out how you could submit a MAC and coordinates to their system, and fed mine in, so at least my iPhone-owning friends will know where they are when they're at my house...

Re:Legality of this

[Collective+0-0009]

What's funny is that SSNs and MACs are very similar. They are both unique identifiers. The only reason you see it as different is that SSN has been treated more like a password than a serial number.

Re:Legality of this

[ElectricTurtle]

That, and MACs aren't a serial number per se (granted blocks of them are assigned to specific manufacturers, but there's a reason that network hardware devices always have S/Ns in addition to MACs), they are ADDRESSES. They are SUPPOSED TO BE KNOWN. It makes no sense that people would freak out about somebody knowing the MAC address of their wireless but not the street address on their mailbox. Oh noes! Somebody might use their 31337 h4x0ring skillz to send me spam and phishing attacks to my interweb mail! Like they don't already? Somebody could send a pipe bomb to your physical mailbox too. Better hide that address, oh wait, you can't.

Stop scaring the sheeple. I know it's kind of fun, but it's bad in the long term. That's how we get stupid legislation like banning wardriving or public access points/mandatory encryption.

Perfect for scaring people

[QuickFox]

This is perfect for when IPv6 takes off, with its built-in MAC address. Then my website can scare people shitless by greeting them with a note saying exactly where they live.

Re:Perfect for scaring people

[blair1q]

You mean as though you looked up their name in the phone book?

Duh.

One of the points of IPv6 is to get rid of the kind of Internet invisibility that allows spamming and phishing to flourish. Being on the Internet will be like being in public. Privacy will be opt-in. Any community you join will have to agree to allow you to hide yourself. You will be able to hide your identity from other users on a content provider (like here on /.) but you won't be able to hide from the content provider as you DOS his account-creation system or scan his ports.

Will this create tracking-privacy issues? Sure. But we can deal with those by exercising our right to control the agencies that would use that data. It will prevent much more pervasive problems involving people we don't have legal control of until we catch them.

You will have the same freedoms you now have - maybe more as you won't have to alter your personality to duck from the trolls or hide your email address from spammers; your security will be increased; and your in-box will have your email in it instead of a flaming bag of crap every morning.

Screw you guys, I liked the movie.

Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack.

NORM : Security, uh Norm, Norm speaking.

DADE: Norman? This is Mr. Eddie Vedder, from Accounting. I just had a power surge here at home that wiped out a file I was working on.Listen, I'm in big trouble, do you know anything about computers?

NORM: Uhhmmm... uh gee, uh...

DADE: Right, well my BLT drive on my computer just went AWOL, and I've got this big project due tomorrow for Mr. Kawasaki, and if I don't get it in, he's gonna ask me to commit Hari Kari...

NORM: Uhhh.. ahahaha...

DADE: Yeah, well, you know these Japanese management techniques.... Could you, uh, read me the number on the modem?

NORM: Uhhhmm...

DADE: It's a little boxy thing, Norm, with switches on it... lets my computer talk to the one there...

NORM: 212-555-4240.

Re:Maybe.

[Lumpy]

Exactly. I dont know what hey use for wardriving, but my stuff can not tell me that router B is in that white house across the street while router C is in the brick house with a pentagram painted on the front door next to router A that is in the doghouse in the back yard of that red teepee.

The story is 90% hooey with 10% sensationalism thrown in for fun.

Wrong

[Ancient_Hacker]

You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out.

And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

And knowing the MAC address is of no earthly use. Well, in the old days you could map it to a ethernet chip manufacturer, but now most routers have changeable MAC addresses.

You can't map MAC address to email addresses either, as the summary claims. Sheesh.

The thing is...

[theotherbastard]

I believe Skyhook uses the Wireless Antenna's MAC Address, not the WAN Port MAC Address. So, you'd have to be within proximity of the WAP in order to get that information anyway, which means you know about where the WAP is in the first place.

Late to the party

[ElectricTurtle]

Wigle has been doing this for years and years. They're also almost completely open and cross platform. Besides, if anybody wants to know where somebody is, there are a lot easier ways than trying to link a an address from the media access control layer to some coordinate on a map.

Re:Quick, Change your MAC!

[papasui]

While I can't speak specifically for Comcast, most cable companies do not use the CPE mac address. The cable modem's HFC mac address is what it used to authorize service. What can and likely is done is that a limit is set on the number of CPE ip addresses that can be handed out (typically your public ip address). Some cable companies set this to 1. The CMTS maintains a table called the cable host which has these entries and they are typically cleared by rebooting the cable modem. If that doesn't work it may need to be manually cleared from the cmts.

Re:Maybe.

[bhtooefr]

At driving speeds it's harder to find out, but at walking speed (if you actually are on foot, it's warstumbling,) you can easily see the signal strength go up as you walk by the house that the router is in.

How is that informative?

[tetromino]

First: I use Comcast. Over the past 3 years, I've replaced wireless routers 2 times (in 2 different homes). The only thing I needed to do to set up a new router was to power-cycle the cable modem; I did not need to change the router's MAC address.

Second: in any case, even if you use some ghetto ISP that tracks router MAC addresses, the external MAC (what the cable modem sees) and the internal wireless MAC (what the wardrivers see) are different and completely independent. You can easily change one without changing the other.

Compatibility

[tepples]

Only when the person is too much of a poser to not find the hidden SSID.

Plenty of devices with an 802.11b radio, especially handheld devices, cannot connect to networks with hidden SSIDs. (A lot of them can't do WPA either.) If you use one of those devices, you have to reconfigure networks that you administer not to hide the SSID.

iPhone

[Have+Blue]

The iPhone already uses this service for AGPS and A-cell-tower-triangulation. It was added in a 1.x update well before the 3G was released.

Re:Quick, Change your MAC!

[clone53421]

Ok, a few other people have said basically the same thing I'm going to say, but I thought their answers don't do a very good job of describing the problem for a very non-technical user. Hopefully I'll do better (and if I'm incorrect in any of my statements, I'm sure somebody will correct me... I'm not really an expert).

• Your cable modem has a MAC address which can be seen by Comcast and any computer on your personal network.
• Your wireless router has a separate MAC which can be seen by anyone close enough to get the signal (or who's plugged into the wired ports on the wireless router itself).
• Your computer has its own MAC address, which is visible to any other computer on your network (on your side of the cable modem).
• Any other computer, printer, or network device on your network has a MAC that is visible to other devices on your network.

In other words, there are a lot of MAC addresses on your local network. The key point is this: A wardriver will get the MAC of your wireless router (well, if he connects to the network he might be able to get MAC addresses of your other equipment, but that would only be possible on an unencrypted network). You can change that safely, because it's not the MAC that Comcast sees. (On a related note, changing the MAC on your computer's network card, whether it's wired or wireless, isn't going to be effective, because that's not what a wardriver is going to see. If you're "visiting" someone else's wireless network, then changing the MAC of your wireless card will anonymize you a little, but that's useful because you don't trust the network – in other words it's a different scenario. You generally "trust" your own network.)

IPv6 MAC addresses don't leak much here

[billstewart]

IPv6 does have a mode where it autoconfigures devices using a munged version of the MAC address as the lower 64 bits of the address. (It's an ugly munge, not simply a 16-bit subnet plus 48-bit MAC, but in some sense it still gives you Netware-like autoconfig.) It's not clear how many people are going to use that mode, as opposed to a DHCP-replacement mode.

But that's not going to leak information about the wireless, because typically nobody outside your building is going to talk to the IP address of the wireless side of your router. Either they're going to talk to the IPv6 address of one of your computers, so they might see the MAC address of your laptop, or they might see the MAC address of the Ethernet side of your firewall, but that's different from the MAC address of the wireless side.