Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

OT but - Hacker pilfers browser GPS location via router attack - The Register

0 views
Skip to first unread message

nick...@gmail.com

unread,
Jan 5, 2010, 3:21:25 PM1/5/10
to
I know this really isn't to do with GPS, but it's the sort of thing
that is likely to start a discussion here due to it being another sort
of incursion into the realms of geolocation...

If you're surfing the web from a wireless router supplied by some of
the biggest device makers, there's a chance Samy Kamkar can identify
your geographic location.

That's because WiFi access points made by Westell and others are
vulnerable to XSS, or cross-site scripting, attacks that can siphon a
device's media access control address with one wayward click of the
mouse. Once in possession of the unique identifier, Kamkar can plug it
in to Google's Google Location Services and determine where you are.

More at http://www.theregister.co.uk/2010/01/05/geo_location_stealing_hack/

Bert Hyman

unread,
Jan 5, 2010, 3:28:23 PM1/5/10
to
In
news:d2b910fd-14b0-4ce4...@l30g2000yqb.googlegroups.com
"nick...@gmail.com" <nick...@gmail.com> wrote:

> That's because WiFi access points made by Westell and others are
> vulnerable to XSS, or cross-site scripting, attacks that can siphon a
> device's media access control address with one wayward click of the
> mouse. Once in possession of the unique identifier, Kamkar can plug it
> in to Google's Google Location Services and determine where you are.
>
>

How would knowing my PC's MAC address or the MAC address of my router
tell anyone where it's sitting?

--
Bert Hyman St. Paul, MN be...@iphouse.com

Sam Wormley

unread,
Jan 5, 2010, 3:51:29 PM1/5/10
to
On 1/5/10 2:21 PM, nick...@gmail.com wrote:
> I know this really isn't to do with GPS, but it's the sort of thing
> that is likely to start a discussion here due to it being another sort
> of incursion into the realms of geolocation...
>
> If you're surfing the web from a wireless router supplied by some of
> the biggest device makers, there's a chance Samy Kamkar can identify
> your geographic location.

Nothing to do with WiFi, or routers

http://www.ip-adress.com/ip_tracer/87.112.87.33
http://isc.sans.org/ipinfo.html?ip=87.112.87.33
http://www.rbltest.com/index.html?ip=87.112.87.33

http://groups.google.com/groups/profile?user=nick...@gmail.com
http://centralops.net/co/EmailDossier.aspx?email=nick...@gmail.com

Here's some of the information your browser gives away:
http://centralops.net/asp/co/BrowserMirror.vbs.asp
http://www.bufftony.com/browserinfo.html

host 87.112.87.33
33.87.112.87.in-addr.arpa domain name pointer
87.112.87.33.plusnet.ptn-ag2.dyn.plus.net.

dig -x 87.112.87.33

; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 87.112.87.33
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32327
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;33.87.112.87.in-addr.arpa. IN PTR

;; ANSWER SECTION:
33.87.112.87.in-addr.arpa. 42693 IN PTR
87.112.87.33.plusnet.ptn-ag2.dyn.plus.net.

;; AUTHORITY SECTION:
87.112.87.in-addr.arpa. 5104 IN NS ns2.force9.net.
87.112.87.in-addr.arpa. 5104 IN NS ns1.force9.net.

;; ADDITIONAL SECTION:
ns1.force9.net. 126457 IN A 195.166.128.16
ns2.force9.net. 126457 IN A 195.166.128.17

;; Query time: 38 msec
;; SERVER: 129.186.1.200#53(129.186.1.200)
;; WHEN: Tue Jan 5 14:46:38 2010
;; MSG SIZE rcvd: 173


X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.9.1.6)
Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729),gzip(gfe),gzip(gfe)

Security tools such as nmap can determine a lot more about your
computer.

PeterD

unread,
Jan 5, 2010, 6:15:05 PM1/5/10
to

It wouldn't. Knowing the IP address would, and hell all IP addresses
are basically known and public. There are many IP locator sites on the
web, though many are not terribly accurate, or only indicate a given
region or state.

Bert Hyman

unread,
Jan 5, 2010, 6:35:31 PM1/5/10
to
In news:ssh7k5ta28h1tgahb...@4ax.com PeterD
<pet...@hipson.net> wrote:

> On 05 Jan 2010 20:28:23 GMT, Bert Hyman <be...@iphouse.com> wrote:
>
>>In
>>news:d2b910fd-14b0-4ce4...@l30g2000yqb.googlegroups.com
>>"nick...@gmail.com" <nick...@gmail.com> wrote:
>>
>>> That's because WiFi access points made by Westell and others are
>>> vulnerable to XSS, or cross-site scripting, attacks that can siphon
>>> a device's media access control address with one wayward click of
>>> the mouse. Once in possession of the unique identifier, Kamkar can
>>> plug it in to Google's Google Location Services and determine where
>>> you are.
>>>
>>>
>>
>>How would knowing my PC's MAC address or the MAC address of my router
>>tell anyone where it's sitting?
>
> It wouldn't. Knowing the IP address would,

Well, no. It would tell you the address my ISP used when the net was
registered, which has very little to do with where I'm sitting at the
moment. It gets the state right though.

The registration info for my machine at work would say I'm in
Pennsylvania.

> and hell all IP addresses are basically known and public. There are
> many IP locator sites on the web, though many are not terribly
> accurate, or only indicate a given region or state.

Wayne R.

unread,
Jan 5, 2010, 10:14:29 PM1/5/10
to
On Tue, 5 Jan 2010 12:21:25 -0800 (PST), "nick...@gmail.com"
<nick...@gmail.com> wrote (with clarity & insight):


Okay, so how would these guys use this info to wreak their havoc?

Mike Russell

unread,
Jan 6, 2010, 3:02:22 AM1/6/10
to

It's a bit of a "fear puff" piece, with a kernel of truth. In theory,
armed with a MAC address, possible to tack into Google Location Services.

GLS provides voluntary location info only to a select group of your
friends. GLS does not provide a wide open method of finding a puter via
the MAC address, as the article implies.
--
Mike Russell - http://www.curvemeister.com

mi...@sushi.com

unread,
Jan 6, 2010, 3:59:10 AM1/6/10
to
On Jan 6, 12:02 am, Mike Russell <group...@MOVEcurvemeister.com>
wrote:

> On Tue, 05 Jan 2010 22:14:29 -0500, Wayne R. wrote:
> > On Tue, 5 Jan 2010 12:21:25 -0800 (PST), "nickw7...@gmail.com"
> > <nickw7...@gmail.com> wrote (with clarity & insight):

>
> >>I know this really isn't to do with GPS, but it's the sort of thing
> >>that is likely to start a discussion here due to it being another sort
> >>of incursion into the realms of geolocation...
>
> >>If you're surfing the web from a wireless router supplied by some of
> >>the biggest device makers, there's a chance Samy Kamkar can identify
> >>your geographic location.
>
> >>That's because WiFi access points made by Westell and others are
> >>vulnerable to XSS, or cross-site scripting, attacks that can siphon a
> >>device's media access control address with one wayward click of the
> >>mouse. Once in possession of the unique identifier, Kamkar can plug it
> >>in to Google's Google Location Services and determine where you are.
>
> >>More athttp://www.theregister.co.uk/2010/01/05/geo_location_stealing_hack/

>
> > Okay, so how would these guys use this info to wreak their havoc?
>
> It's a bit of a "fear puff" piece, with a kernel of truth.  In theory,
> armed with a MAC address, possible to tack into Google Location Services.  
>
> GLS provides voluntary location info only to a select group of your
> friends.  GLS does not provide a wide open method of finding a puter via
> the MAC address, as the article implies.
> --
> Mike Russell -http://www.curvemeister.com

I was surfing on a coffee shop's wifi and a geolocation question
popped up. I don't recall the exact circumstances. My recollection is
it asked for a location to be confirmed. So I suspect some of the
location data is based on the honor system, but here is the real
question. If you have a GPS on your cell phone, and you surf via wifi,
it seems to me there is a possibility that some service could find
your location via the GPS and then tag it to that MAC.

On a blackberry, you have to give each application permission to use
the GPS. So of course if it is no benefit to me, I say no. [For some
programs, such as searching nearby restaurants, I say yes.] But not
everyone may be as careful, so with sneaky programming, I suspect
hotspots can be mapped.

Wayne R.

unread,
Jan 6, 2010, 6:59:59 AM1/6/10
to
On Wed, 6 Jan 2010 00:59:10 -0800 (PST), "mi...@sushi.com"
<mi...@sushi.com> wrote (with clarity & insight):

>I was surfing on a coffee shop's wifi and a geolocation question
>popped up. I don't recall the exact circumstances. My recollection is
>it asked for a location to be confirmed. So I suspect some of the
>location data is based on the honor system, but here is the real
>question. If you have a GPS on your cell phone, and you surf via wifi,
>it seems to me there is a possibility that some service could find
>your location via the GPS and then tag it to that MAC.
>
>On a blackberry, you have to give each application permission to use
>the GPS. So of course if it is no benefit to me, I say no. [For some
>programs, such as searching nearby restaurants, I say yes.] But not
>everyone may be as careful, so with sneaky programming, I suspect
>hotspots can be mapped.

Okay, that's a technical feat of some sort, perhaps leading to
someone's bragging about it.

But in Dick Cheney's most fevered paranoid delusions, how would this
feat lead to what compromises?

People dislike/fear GPS tracking, big brother snooping in their
browser history or email - but happily walk around with cell phones,
and tweeting updates about each ass-scratch while driving. Idiotic TV
cop shows still rely on a long "call tracing" and everyone happily
forgets about Caller ID and the obvious fact that their cell carrier
can always ring the phone without anyone telling anyone where the
thing is.

Don't forget the "deedle-deedle-deedle" sounds that accompany the
transition of a ten pixel security cam image into HD glory. Technology
can do everything.

Zombie-nets barely penetrate the collective consciousness. And
(non)-exploding underwear barely dislodges Katrina-era "preparedness"
that we've spent billions upgrading. And Fox News has lots of viewers,
each more angry than their peers.

It seems what little awareness we collectively have is spent worrying
about the banal.

Mike Russell

unread,
Jan 6, 2010, 7:59:45 AM1/6/10
to
On Wed, 06 Jan 2010 06:59:59 -0500, Wayne R. wrote:

> It seems what little awareness we collectively have is spent worrying
> about the banal.

Collective anything has always been banal. No Exceptions throughout
history. So what's your solution, other than a dab of hand-wringing?

Peter H. Coffin

unread,
Jan 6, 2010, 8:18:43 AM1/6/10
to
On Wed, 6 Jan 2010 00:59:10 -0800 (PST), mi...@sushi.com wrote:
> I was surfing on a coffee shop's wifi and a geolocation question
> popped up. I don't recall the exact circumstances. My recollection is
> it asked for a location to be confirmed. So I suspect some of the
> location data is based on the honor system, but here is the real
> question. If you have a GPS on your cell phone, and you surf via wifi,
> it seems to me there is a possibility that some service could find
> your location via the GPS and then tag it to that MAC.

THAT would be amusing. Because the MAC, in that case as far as any
"exploit" would be concerned, would be close to the client. That is, the
phone. Which moves. "Mobile broadband" products and cellphone tethering
can make it even more fun. I've dragged MACs and associated IP addresses
with me for hundreds of miles that way.

--
On Usenet, webforums and blogs (oh my!) the rational explanation spawns
its own infinite number of irrational explanations.
-- Andrews' Modification of Staples' Observation

Wolfgang S. Rupprecht

unread,
Jan 6, 2010, 5:11:52 PM1/6/10
to

Wayne R. <wruf...@KomKast.net> writes:
> People dislike/fear GPS tracking, big brother snooping in their
> browser history or email - but happily walk around with cell phones,

And with the combination of CALEA and E911, those phones now provide
GPS-quality position reports to any cell tower that asks nicely.
Positional privacy no longer exists for cell phone users.

The other thing I note that people fail to grasp is that cell phones
don't have hook switches like the telephones of old. There is nothing
that disconnects the microphone from the circuit when the phone isn't in
a call. Think about the possibilities. ;-)

Luckily, some security concious organizations are now catching on that
cell phones are the ideal trojan device and requireing folks to leave
their cell phones *outside* of conference rooms.

> and tweeting updates about each ass-scratch while driving. Idiotic TV
> cop shows still rely on a long "call tracing" and everyone happily
> forgets about Caller ID and the obvious fact that their cell carrier
> can always ring the phone without anyone telling anyone where the
> thing is.

The other day a freind was surprised that my pbx gets the calling
phone's ANI (essentially the billing number for the calling phone) for
all incoming calls, even the ones that CLID presentation is blocked.
The public seems to think that blocking the CLID will make them
anonymous, forgetting that all the call routing machinery in the path
knows all the details of the call.

-wolfgang
--
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?

Bert Hyman

unread,
Jan 6, 2010, 5:20:48 PM1/6/10
to
In news:87d41mv...@arbol.wsrcc.com

wolfgang.ruppr...@gmail.com (Wolfgang S. Rupprecht) wrote:

> The other thing I note that people fail to grasp is that cell phones
> don't have hook switches like the telephones of old.

They can be turned off though. If you're seriously concerned, take the
battery out.

mi...@sushi.com

unread,
Jan 6, 2010, 5:40:13 PM1/6/10
to
On Jan 6, 5:18 am, "Peter H. Coffin" <hell...@ninehells.com> wrote:

Back in the day, a tethered T-Mobile phone would show up as located on
the East Coast (NY or NJ), even when you are on the West Coast. It had
to do with T-Mobile using Omnitel networking after a buy out. Nowadays
my tethering shows up as Los Angeles, no matter where I am.

Wolfgang S. Rupprecht

unread,
Jan 6, 2010, 9:34:25 PM1/6/10
to

Bert Hyman <be...@iphouse.com> writes:
> In news:87d41mv...@arbol.wsrcc.com
> wolfgang.ruppr...@gmail.com (Wolfgang S. Rupprecht) wrote:
>> The other thing I note that people fail to grasp is that cell phones
>> don't have hook switches like the telephones of old.
> They can be turned off though. If you're seriously concerned, take the
> battery out.

I'm not really concerned for myself. I think it is much more of a
problem for high-value targets either for blackmail potential or
industrial espionage. (BTW. Writing an app for that on the HTC/Google
G1 would be trivial. There are already vox-activated voice recorders.
Sending the recorded datastream over the net would be easy.)

As far as my location being available, I've swung the other way. I
figure since every low-paid cell phone employee probably has access to
my location information, I might as well let all my friends see where I
am on Google Lattitude.

Peter H. Coffin

unread,
Jan 6, 2010, 10:41:45 PM1/6/10
to
On 06 Jan 2010 22:20:48 GMT, Bert Hyman wrote:
> In news:87d41mv...@arbol.wsrcc.com
> wolfgang.ruppr...@gmail.com (Wolfgang S. Rupprecht) wrote:
>
>> The other thing I note that people fail to grasp is that cell phones
>> don't have hook switches like the telephones of old.
>
> They can be turned off though. If you're seriously concerned, take the
> battery out.

Phones that are "off" aren't necessarily off. Even if you remove the
obvious battery, you probably haven't verified TODAY that your phone
doesn't have an auxiliary battery someplace inside it, that will power
it via the modified firmware that intercepts the power-off mode to
instead kill all the displays and place a silent call to a predetermined
number and opens the microphone but not the speaker.

Are you paranoid ENOUGH, Citizen?

--
5. The artifact which is the source of my power will not be kept on the
Mountain of Despair beyond the River of Fire guarded by the Dragons
of Eternity. It will be in my safe-deposit box. The same applies to
the object which is my one weakness. --Peter Anspach "Evil Overlord"

do...@21.usenet.us.com

unread,
Jan 7, 2010, 2:04:21 AM1/7/10
to
Sam Wormley <swor...@gmail.com> wrote:
> Nothing to do with WiFi, or routers

A lot to do with WiFi, and nothing to do with IP addresses.

Did you visit <http://www.mozilla.com/en-US/firefox/geolocation/> ?
The Google Wifi lookup is very good. I suspect that Wifi routers were
mapped by the Streetview car that was driving around. It had GPS, and it
would have been trivial to record WiFi information as it drove around.

If you have a streetview in front of your house, and wifi router than can
be detected from the street, I think geolocation will show your location.

Or Samy's page at http://samy.pl/mapxss/
where you can plug in the mac address of a WiFi router, and have it map the
location, including providing a street address.

--
Clarence A Dold - Hidden Valley Lake, CA, USA GPS: 38.8,-122.5

Wayne R.

unread,
Jan 7, 2010, 7:30:40 AM1/7/10
to
On Wed, 6 Jan 2010 04:59:45 -0800, Mike Russell
<grou...@MOVEcurvemeister.com> wrote (with clarity & insight):

>On Wed, 06 Jan 2010 06:59:59 -0500, Wayne R. wrote:
>
>> It seems what little awareness we collectively have is spent worrying
>> about the banal.
>
>Collective anything has always been banal. No Exceptions throughout
>history. So what's your solution, other than a dab of hand-wringing?

Vapid *and* smug? Nice.

On my part, I try to shine a hot light on the silly presumptions &
conclusions people come to. And that there's always time for a bit of
critical thinking. Make a habit of it!

Isn't that why we have these big domes?

Sam Wormley

unread,
Jan 7, 2010, 8:42:25 AM1/7/10
to

It is interesting... when I plug in three of my WiFi MAC addresses,
the locations are a bit scattered and anywhere from a half mile to
a full mile away on streets that require at least a mile of travel
from my house.

Disappointing, in a way!

I will admit that the addresses are close enough for a nuclear
strike.


Sam Wormley

unread,
Jan 7, 2010, 9:04:27 AM1/7/10
to

Sam Wormley

unread,
Jan 7, 2010, 9:33:23 AM1/7/10
to

Wolfgang S. Rupprecht

unread,
Jan 7, 2010, 6:43:46 PM1/7/10
to

"Peter H. Coffin" <hel...@ninehells.com> writes:
> Phones that are "off" aren't necessarily off. Even if you remove the
> obvious battery, you probably haven't verified TODAY that your phone
> doesn't have an auxiliary battery someplace inside it, that will power
> it via the modified firmware that intercepts the power-off mode to
> instead kill all the displays and place a silent call to a predetermined
> number and opens the microphone but not the speaker.
>
> Are you paranoid ENOUGH, Citizen?

I like to play the game in the other direction -- how would *I* design a
trojan phone. Turning on a transmitter is probably too risky. There
are too many ways to spot that. Much safer would be to just cache the
audio and/or gps possitions to flash and upload the data when the main
battery is put back in. The beauty is that in addition to taking the
battery out, someone could even wrap the phone in tin foil and the
trojan would still be able to work.

I've read of a case where the FBI got into trouble for turning on
someone's On-Star cell-phone remotely and listening in to the
conversations inside the suspects car. The judge at the trial wasn't
happy about that, but sadly it wasn't for privacy reasons, but because
they did it in a way that precluded normal service and that deprived him
of a service that he was paying for.

mi...@sushi.com

unread,
Jan 7, 2010, 10:54:25 PM1/7/10
to
On Jan 7, 3:43 pm, wolfgang.rupprecht+gnus201...@gmail.com (Wolfgang
S. Rupprecht) wrote:

Even if you don't pay for On-Star or similar services, it is possible
law enforcement would turn on your tracker, much like they still pay
Usama Bin Laden's satellite phone bill even though he doesn't use it
anymore.

There are "find your phone" applications that have the option to turn
the phone on remotely and listen.

0 new messages