Cyber Stalking: Using Mac Addresses and Google Street View
The Register had an interesting article on cyber stalking earlier this month. At the recent Black Hat conference in Las Vegas, Samy Kamkar had a presentation on cyber stalking called “How I met your Girlfriend”.
In the attack, a malicious Java script on a malware website is used to extract the visitors MAC address. A MAC Address is a unique number hardcoded into networking equipment. When Samy has the MAC address, the information can be inputted into Google’s GeoLocation Services, and the article claims it will respond with a map of the user’s location to within a few hundred feet.
How can it do this? Recently, South Korea’s Cyber Crime unit raided Google’s Soul HQ on suspicions of unauthorized data being recorded during the Street View project. Well, it seems that Wi-Fi MAC addresses were also recorded by Google. All Samy does is trick your router to give up its MAC address, and then he plugs it into Google’s location service to get your general location.
How to defend against this attack? Samy’s script depends upon two things. First, that your area was recorded by the Street View cars. And secondly, that your router is using the factory default password. Easy solution? Set your router password!
There is still a large amount of home users and even businesses that are buying Wi-Fi Routers, and just plugging them in and using them without setting up the security. Samy’s script automatically tries to login to your router with default passwords to get the MAC address. Out of the box most Wi-Fi routers have security turned off and they use a default password. You MUST set the security on your router when you first install them.