Is it possible, is there such a thing as an attack that can tell a hacker where you live? The BBC has revealed that a specially booby-trapped website can tell a hacker where you are to only a few meters.
The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it's real-world location.
He tricked the router into believing the request for it's ID information was coming from the connected PC, not from the Internet. He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.
The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates. "This is geo-location gone terrible," said Mr Kamkar during his presentation. "Privacy is dead people. I'm sorry."
Mikko Hyponnen, senior researcher at F-Secure called the demonstration "very interesting" adding that such a technique could be used for "stalking or targeted attacks against an individual".
"The fact that databases like Google Streetview's Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly." said Mr Hypponen
In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.
To protect against this kind of attack, it is important to properly secure the wireless router and connection so that data can't just be retrieved and linked to the user. Users who do not make use of location-based features in their browsers may also want to consider turning them off as it makes no sense keeping them turned on if they are not used.
Firefox will display a notification to users when a website or service wants to retrieve the user's location. They then have options to allow or deny the request.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.