A hacker has found a way to discover a user's location - down to a few metres - and all it takes is for the unsuspecting user to be tricked into visiting a bogus website.
The trick was demonstrated by hacker Samy Kamkar at the recent Black Hat hackers conference in Las Vegas. It works by tricking the user's router into revealing its MAC address and makes use of a new geo-location feature built into the Firefox web browser.
MAC or 'Media Access Control' addresses are used to uniquely identify specific items of network hardware such as a router. Usually, only computers that are directly attached to the router can interrogate it for its MAC address.
Once the router's MAC address has been obtained, Kamkar uses a geo-location feature built into Mozilla's Firefox web browser.
This feature queries the Google Location Services database, compiled by the search giant using information gathered by the cars sent out to take pictures for the Google Street View service.
The Google database links MAC addresses with GPS coordinates, enabling a specific network router to be located down to a few metres.
The information isn't part of the controversial 'payload' data that Google claims to have collected by accident. But the attack can only be carried out against victims whose routers' MAC addresses have been logged by Google's Street View cars, and whose router administrative password has not been changed from its default setting. Other than that, however, the exploit is fairly straightforward.
Kamkar has previous form for his hacking exploits. A worm he created in 2005 earned him a million unsuspecting MySpace friends in one day - and subsequently, 90 days' community service and three years on probation.
During the presentation, which he called 'How I met your girlfriend', Kamkar demonstrated the technique by identifying the location of a router in the conference centre down to an accuracy of nine metres. He went on to show delegates the address of Hollywood actress Anna Faris to within 30 metres.
Summing up, the hacker warned:
"This is geo location gone terrible. Privacy is dead, people."