Is it possible, is there such a thing as an attack that can tell a hacker where you live? The BBC has revealed that a specially booby-trapped website can tell a hacker where you are to only a few metres.
The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it’s real-world location.
He tricked the router into believing the request for it’s ID information was coming from the connected PC, not from the Internet. He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.
The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates. “This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead people. I’m sorry.”
Mikko Hyponnen, senior researcher at F Secure called the demonstration “very interesting” adding that such a technique could be used for “stalking or targeted attacks against an individual”.
“The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly.” said Mr Hypponen
In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.
Copyright © Mike Halsey www.theLongClimb.com 2012
This feed is for personal, non-commercial use only.
The use of this feed on other websites breaches copyright. If this content is not in your news reader, it makes the page you are viewing an infringement of the copyright. (Digital Fingerprint:
(50.196.149.137) )