Booby-trapped website could direct attacker to person’s home, says expert

August 4th, 2010 - 6:47 pm ICT by ANI  

London, Aug 4 (ANI): A security expert has revealed that it would take just one visit to a booby-trapped website to direct the attacker to a person’s home.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number, and it uses this number and widely available net tools to find out where a router is located.

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed.

He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser.

This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

This database links Mac addresses of routers with GPS co-ordinates to help locate them.

During a demonstration, Kamkar showed how straightforward it was to use the attack to identify someone’s location to within a few metres.

“This is geo-location gone terrible. Privacy is dead, people. I’m sorry,” the BBC quoted Kamkar as saying during his presentation.

Mikko Hypponen, senior researcher at security firm F Secure, said it was “very interesting research”, and the thought that someone, somewhere on the net can find where you are is pretty creepy.

Kamkar detailed the attack during a presentation at the Black Hat hacker conference. (ANI)

Related Stories

Tags: , , , , , , , , , , , , , , , , , , ,

Posted in Health Science |