Geo-location from MAC address

[trm]

Interesting one here. This demo is actually to show that a malicious person can find your geographical location without you being aware (it relies on Cross-site scripting holes in a number of routers, but the demo code is only for Verizons FIOS service so won't be relevant here - but you basically visit any random website and they use the XSS to get your router MAC).

But the interesting part is that my wireless MAC showed up with an accurate location. The MAC is sent to google who return a geo-loc for it; gathered I assume by their Street View vans.

http://www.samy.pl/mapxss/

It's worth trying all of the MACs you have (cable modem WAN-side, cable modem LAN-side, same for ADSL) as well as your wifi MAC even though the wifi MAC is the one most likely to register a hit. No point checking your PC ethernet as that MAC doesn't ever go further than your broadband device.

Good job that layer 2 switching is designed the way it is

I'd be interested to know how many people who try this get an accurate location. Mine is literally street & position accurate!

I don't know the guy running the site, but a look at his page code doesn't suggest anything hinky is going on. I think he really is a good guy demonstrating what the black hats are up to. And there isn't much they can do with the data, even if they're baddies - at best they can tie your IP to a MAC address and try a geo-loc from the IP, but they've got that info anyway as you connect.

 

[Guests]

it cant find my mac

 

[andyman]

Found my lan mac but not the wan or wifi, again street & position accurate

Andy.

 

[grobda]

i guess the blue blob is 100 yard radius, with my house central to it. scary and impressive!

 

[backflipper]

I need to hide myself from the web

 

[Alpha1]

I'm safe, phew. Doesn't surprise me though as Google shows where I live as houses that are still being built.

 

[guddler]

If I just click on the link in my browser as instructed to when using Chrome it reckons I'm in London - epic fail!

If I'm a bit kinder and I paste the WAN Mac address of my router it at least gets the correct town, but nothing like the correct area.

 

[karlcdoe]

No results returned from the MACs for my router or two firewalls, which on the face of it is a good thing...

 

[DanP]

Bizarre. I put in my routers MAC and nothing. I incremented the last digit by one (from F0 to F1) and it found my appx location. Not sure what's happening there...

Dan

 

[trm]

Bizarre. I put in my routers MAC and nothing. I incremented the last digit by one (from F0 to F1) and it found my appx location. Not sure what's happening there...

Dan

When you incremented it did you hit the MAC of a wifi interface on the router?

It's quite unlikely that any wired ethernet MACs will get an accurate hit on here as the MAC isn't transmitted past the next network device, so to know your MAC and location something has to be connected to your net (without a router, switch etc being between them and you) and they also need your GPS coords. The only thing I know that's been doing this is Google with StreetView and their wifi sniffing.

 

[DanP]

I can't find a MAC with F1 on my router but I suspect you're right it's another interface off the same one. Spooky.

Dan