Is it possible, is there such a thing as an attack that can tell a hacker where you live? The BBC has revealed that a specially booby-trapped website can tell a hacker where you are to only a few metres.
The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it’s real-world location.
He tricked the router into believing the request for it’s ID information was coming from the connected PC, not from the Internet. He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.
The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates. “This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead people. I’m sorry.”
Mikko Hyponnen, senior researcher at F Secure called the demonstration “very interesting” adding that such a technique could be used for “stalking or targeted attacks against an individual”.
“The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly.” said Mr Hypponen
In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Why Your Home Router is 192.168.1.1Home Network Router Security Secrets
New Google Cyber Attack Details Emerge
Apple Leads In Security Vulnerabilities, Microsoft Third
Try Microsoft Windows Home Server for 120 Days
Nothing is impossible, Now a days hackers are more talented compared to developers :)
Its always the hackers who make the developers to think and act.
The developers atually is “HACKERS”..for business..
I disabled geo-lactation in Firefox a while back. It would be nice to know if this is in fact the way to defeat such an attack. Also, I’m sure Tomato and other open source router firmware are now aware of this and will be taking steps aswell.
“Privacy is gone…” not entirely, it’s just an ogoing battle.