Using XSS & Google To Find Physical Location
wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar's talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the example he shows) of a user who does no more than visit a malicious website. The technique involves sniffing out the local router, breaking into it to obtain its MAC address, and sending that to Google to extract the router's location from Google's Street View database.
Inputting my friend's router's MAC address on his site (here) results in a location circle about 3km wide and about 10km away from his house. Close, but not close enough.
Google has been driving around and scanning WiFi networks in order to use them as a location service (read: cheap GPS). Thus Google now has a cross-referenced list of wireless networks ("MAC addresses") with GPS location data on that network's source (based on triangulation).
We've already seen attacks that allow websites to break into routers when the default password isn't changed, and for example change their DNS servers to servers operated by the attacker. This is an attack that is also assuming the default router password (and address) and retrieving the WiFi MAC address, which is then sent back using postback.
You then create a website; when someone visits it, it logs into their router and sends the MAC address back to the site, which the owner can then search for on Google Maps for that WiFi network, giving you a rough location of that person (within about two street blocks).
The fundamental question is: Should Google be snooping and publishing MAC locations at all?
Did you know there are at least a dozen companies that do this? Did you know Skyhook did this for years before Google?
But I think you're biasing the question by starting out calling it 'snooping'.
I'm not sure what sort of checks Google does on the MAC addresses, but in my case not much. For about 12 months, depending on where I stood in my house, Google Maps reported my location as either within 30m of my house in Melbourne (Australia) or downtown London, England. When I eventually bothered to try and figure out why, I realised they'd scanned my SSID when they drove by for streetmap and either it or my wireless MAC address matched the one in England. I am running a version of DDWRT and I think in the flashing process the MAC was changed. Short story is that it looks like it was taking the MAC address/SSID from the strongest signal only and not the surrounding APs or the cell phone towers nearby. I stumbled across a form where I could register my MAC address (or SSID, I forget which, but I think it was the MAC) with Google to correct my location, and now "oh my god, they've found me". I'm thinking that was not such a good idea now...
Wrong, wrong. A default password means you ARE vulnerable. It's such a problem that ISPs are willing to do questionable things to fix it.
(it's a slight variant of your #2, though "compromising" in this case doesn't mean a full compromise, it means mildly abusing the DNS spec to work around XSS restrictions)