Jump to content
✨ STAY UP TO DATE WITH THE WORLD TOUR ✨

Web attack knows where you live: "Privacy is dead, people. I'm sorry."

busybeeburns

By busybeeburns
in How We See The World

 Share

Recommended Posts

busybeeburns

busybeeburns

Posted
Posted

_48587312_googlestreetviewcar.jpg

The attack uses data gathered by Google's Street View cars

 

One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown.

 

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number. It uses this number and widely available net tools to find out where a router is located.

 

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position. Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

 

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed. He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

 

This database links Mac addresses of routers with GPS co-ordinates to help locate them. During the demonstration, Mr Kamkar showed how straightforward it was to use the attack to identify someone's location to within a few metres. "This is geo-location gone terrible," said Mr Kamkar during his presentation. "Privacy is dead, people. I'm sorry."

 

Mikko Hypponen, senior researcher at security firm F Secure, attended the presentation and said it was "very interesting research".

 

"The thought that someone, somewhere on the net can find where you are is pretty creepy," he said. "Scenarios where an attack like this would be used would be stalking or targeted attacks against an individual," he added.

 

"The fact that databases like Google Streetview's Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly," said Mr Hypponen.

 

Mr Kamkar detailed the attack during a presentation at the Black Hat hacker conference. In 2005, Mr Kamkar created a worm that exploited security failings in web browsers to garner more than one million "friends" on the MySpace social network in one day.

 

Prosecuted for the hack, Mr Kamkar was given three years' probation, did 90 days of community service and paid damages. He was also banned from using the net for personal purposes for an undisclosed amount of time.

 

http://www.bbc.co.uk/news/technology-10850875

Link to comment
Share on other sites
mc_squared

mc_squared

Posted
Posted

 

Prosecuted for the hack, Mr Kamkar was given three years' probation, did 90 days of community service and paid damages. He was also banned from using the net for personal purposes for an undisclosed amount of time.

 

 

I bet he was "hacked off" about that.......................... :rolleyes:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...