WiFi location vulnerability


Interesting video on “hacking” the Google WiFi location service from the “Black Hat” conference.

http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location

The basic gist of it is:

  1. Create a malicious HTML page which tries to load local router status pages in hidden iframes, e.g. http://192.168.1.1/router.asp?status, http://10.0.0.1/index.shtml, etc.
  2. Use JavaScript to parse the DOM tree and read the status page text (and the WiFi router MAC address).
  3. Send the MAC address back to the server (via JSON/POST, etc.).
  4. Perform a lookup on the Google location service using the discovered MAC address.
  5. Google returns the location of the discovered MAC address.

Of course, this only works if the user's browser same origin policy allows parsing the DOM tree of the iframe, which I think most browsers would disallow…

I went looking at my home router status page and, sure enough, it shows the WiFi MAC address on the status page which is accessible on the local network without logging on.
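A defender-side check for the exposure described above, as an added example that is not part of the original post: given one captured response from your own router's status URL, it reports whether a MAC address is served without a login and whether the page can be framed by other origins. The function names, the `{status, headers, body}` response shape and both sample responses are assumptions constructed for illustration.

```javascript
// Added example: audit one captured HTTP response from a router status page.
// Response shape {status, headers, body} and all sample values are constructed.
const MAC_RE = /\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b/g;

// Lower-case header names so lookups are case-insensitive.
function normalizeHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = String(v);
  return out;
}

// True when the response keeps other origins from framing it. Conservative:
// a frame-ancestors host allow-list is reported as not blocking.
function blocksFraming(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return true;
  for (const directive of (headers['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name === 'frame-ancestors' && sources.length > 0 &&
        sources.every(s => s === "'none'" || s === "'self'")) return true;
  }
  return false;
}

function auditStatusPage(resp) {
  const headers = normalizeHeaders(resp.headers);
  const open = resp.status === 200; // 401/403 or a redirect means a login gate
  const macs = [...new Set((resp.body.match(MAC_RE) || [])
    .map(m => m.toUpperCase().replace(/-/g, ':')))];
  const findings = [];
  if (open && macs.length > 0) findings.push('mac-exposed-without-login');
  if (open && !blocksFraming(headers)) findings.push('frameable-by-other-origins');
  return { open, macs, findings };
}

const openPage = { // constructed sample: status page served without login
  status: 200,
  headers: { 'Content-Type': 'text/html' },
  body: '<tr><td>Wireless MAC</td><td>00:11:22:AA:BB:CC</td></tr>',
};
const gatedPage = { // constructed sample: same URL behind HTTP auth
  status: 401,
  headers: { 'WWW-Authenticate': 'Basic realm="router"', 'X-Frame-Options': 'DENY' },
  body: '<h1>401 Unauthorized</h1>',
};
console.log(auditStatusPage(openPage).findings, auditStatusPage(gatedPage).findings);
```

Either finding on its own is worth fixing: putting the status page behind the login removes the MAC from unauthenticated responses, and a framing restriction keeps the page out of hidden iframes on other sites.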
