Web Attack Knows a Person’s HomeBy Dipankar Das, Gaea News Network
Wednesday, August 4, 2010
According to a security Expert, infected web site can redirect an attacker to a person’s home if he visits the web site at least once. As per hacker Samy Kamkar, the attack uses the shortcoming of router to figure out a key identification number. It further uses the the identification number and other net tools to locate the router on the net. He even demonstrated how the attack takes place.
Usually, many computers are hooked up to the internet through a router and in order to connect to the internet those terminals request for ID number, called MAC address from the router. Mr Kamkar showed the way to use an infected web page through a browser so that it appears to the router that the request is coming from regular workstation.
He then combined the MAC address, with a geo-location feature of the Firefox web browser. This asks a Google database created when its cars were carrying out surveys for its Street View service. This database co-relate the Mac addresses of routers with GPS co-ordinates to locate them. During the demonstration, Mr Kamkar showed during the demonstration, how easy it was to use the attack to identify someone’s location within a short distance.
“This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead, people. I’m sorry. The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly”
Databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks emphasizes the fact that the company should have huge responsibility to protect the data that they collect. Mr Kamkar was ultimately prosecuted and was given three years probation apart from 90 days community work.
Tags: Google streetview, GPS, hacker, Router, Router MAC address, Web page