Geolocation XSS Tracker Proof of Concept
Jamie found a bit of a scary link this morning that demonstrates a router XSS getting your MAC address and using it to map your current location. Which I'm sure is totally no big deal for anyone.
Even worse, with some clever XSS you can make Slashdot post the same story twice!
Oh wait, that's just shitty editing. Sorry.
Apparently my router is currently sitting in the former main office of the major telco for my area. Which is across town from me.
And here I was thinking it was on my desk.
So, fail
Good job, dumbass. Now you are uniquely identifiable.
MAC-based geolocation of wireless routers is far more accurate than geolocation using IP alone.
Candy Browser (Graham Cracker OS 4_1) Version/2.7
Hell, it can't be any worse at rendering standard HTML/CSS than IE.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
Apparently 00-de-ad-be-ef-00 is in downtown Toronto.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
In Soviet Los Angeles...
Nope. That's it, that's all I've got. Damn. Seemed so promising.
Welcome to the Panopticon. Used to be a prison, now it's your home.
The XSS FAQ
http://www.cgisecurity.com/xss-faq.html
Believe me, if I started murdering people, there would be none of you left.
NoScript will protect you from this (XSS) - even if you have it set to globally allow javascript.
Dan Brown? Is that you?
I've lost all my marbles except one & It's fun to test angular & centripetal acceleration in my skull
Mine says not found. Probably because I don't have broadcast SSID on my wireless, judging by the procedure he's using (google locator). If this is the case, why does anyone broadcast their SSID to begin with? I never really understood that. There's no benefit for home users, since chances are 99% of the devices you use on a daily basis are not new, and so you only have to take the extra 5 seconds to manually enter the SSID once.
To follow up on my own post:
I just tried the example MAC that is given on the web site, and that one failed as well. Also that same location in Los Angeles, USA.
Not sure what's going on here but as proof of concept it seems to fail pretty miserably for me. Oh and that's with the latest Firefox (v.3.6.10) available on Ubuntu 10.04.
Well, in my case the IP-based location is accurate to 5 miles, while this guy's thingy placed me 50 miles away...
Well, I entered my router's MAC just for giggles, and it said "Sorry, didn't find anything". This router has been continuously connected with a fixed public IP address for over a year.
Then I entered my previous router's MAC, and got the same result. The previous router is in storage in the attic, but was in use with very few brief breaks for about 6 years. Also with a fixed public IP address.
Clearly, their MAC geolocation database has a teeny hole - or more likely loads of vast gaping chasms.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
That's the default for the page - you have to click one of the links on the page to change things.
In Firefox/Opera, click the link in "If you're on Firefox, you can test the Location Services by clicking here." and the map will change.
I find broadcasting the SSID helps greatly in troubleshooting wireless issues for other people, if nothing else.
If I get called out to the typical home user's place to help them "fix their problems getting on the Internet", they often don't have any clue what their SSID is set to. All they know is that "It worked ever since the Geeksquad guys came out and set it all up for us!" or what-have-you.
On more than one occasion, I discovered the reason someone had issues had to do with neighbors buying new Linksys routers that had default SSIDs of "linksys", matching the default of THEIR Linksys router they'd been using for months/years. Sometimes they were actually connecting to a neighbor's unsecured router for quite some time, before that neighbor made changes that booted them out -- and only THEN did they think they had things mis-configured.
I have two Wireless APs -- one of which is only active occasionally for guests. Here's what I got when I entered my MACs:
Everyday (always on) router: It found my city, but the address was about two miles away.
Guest router: It pinpointed my father-in-law's address. This is strange, because my router has never been located at his house. But, HE HAS CONNECTED TO MY ROUTER. Interesting.
I checked the first address again, and this would be the house of a friend whose laptop I once connected to my network when I was fixing it.
I'm not completely familiar with 802.11, but it would appear that computers that had previously connected to my MAC are regularly pinging this MAC in such a way as to be received by the Google drive-by's and recorded as actual MACs of actual APs. Is there another explanation?
sig: sauer
It's worth noting that the presentation titled "Bad Memories", presented at the BlackHat conference, is very similar to this. PDF available: http://media.blackhat.com/bh-us-10/whitepapers/Bursztein_Gourdin_Rydstedt/BlackHat-USA-2010-Bursztein-Bad-Memories-wp.pdf