The web attack that leads hackers straight to your home - gHacks Tech News

The web attack that leads hackers straight to your home

Is it possible, is there such a thing as an attack that can tell a hacker where you live?  The BBC has revealed that a specially booby-trapped website can tell a hacker where you are to only a few meters.

The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it's real-world location.

He tricked the router into believing the request for it's ID information was coming from the connected PC, not from the Internet.  He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.

The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates.  "This is geo-location gone terrible," said Mr Kamkar during his presentation. "Privacy is dead people. I'm sorry."

Mikko Hyponnen, senior researcher at F-Secure called the demonstration "very interesting" adding that such a technique could be used for "stalking or targeted attacks against an individual".

"The fact that databases like Google Streetview's Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly." said Mr Hypponen

In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.

To protect against this kind of attack, it is important to properly secure the wireless router and connection so that data can't just be retrieved and linked to the user. Users who do not make use of location-based features in their browsers may also want to consider turning them off as it makes no sense keeping them turned on if they are not used.

Firefox will display a notification to users when a website or service wants to retrieve the user's location. They then have options to allow or deny the request.

 





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. P.K.ARUN said on August 3, 2010 at 9:36 pm
      Reply

      Nothing is impossible, Now a days hackers are more talented compared to developers :)

    2. BalaC said on August 4, 2010 at 6:07 am
      Reply

      Its always the hackers who make the developers to think and act.

    3. mrburn said on August 4, 2010 at 7:49 am
      Reply

      The developers atually is “HACKERS”..for business..

    4. Turko said on August 5, 2010 at 1:03 am
      Reply

      I disabled geo-lactation in Firefox a while back. It would be nice to know if this is in fact the way to defeat such an attack. Also, I’m sure Tomato and other open source router firmware are now aware of this and will be taking steps aswell.
      “Privacy is gone…” not entirely, it’s just an ogoing battle.

    Leave a Reply