Presenting last week at the Black Hat Conference in Las Vegas, Nevada, Samy Kamkar demonstrated how he is able to convince a target to visit a malicious website which uses JavaScript to extract the router's Media Access Control (MAC) address and report the unique identifier. This address is then used with Google location services and the hacker has a map showing the victim's location within a few hundred feet.
He commented that people do not change their router credentials, and if a user visits a malicious website that creates a form and you can now login to someone's router. “Their browser is compelling this exploit for you, but this is not a geolocation XXXSS attack. Depending on the router you may not need to login at all,” he said.
Kamkar has previously served three years' probation, ending in January this year, for developing the Samy cross-site scripting worm that propagated across the social networking site MySpace.
Mac security firm Intego said that since Google's photo cars recorded MAC addresses, and this information is publicly available, the MAC address can be correlated with the location where it was detected. In many cases, this can be very precise, especially if you 'are in a sparsely populated area.
Graham Cluley, senior technology consultant at Sophos told SC Magazine that social networking is now becoming more geographically specific, with Four Square tipped to be the next website to rise in popularity. He said: “It is now about the ‘World Where Web' and about location, we have seen documented cases where people have posted a status update and been robbed and also been the victim of physical violence. It is one of the growth areas and it is beginning to gain in momentum.”
See original article on scmagazineus.com
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
