I just found out something very interesting. The Google Maps car that drives around takes pictures and logs coordinates, but what not many people know is that it logs also WiFI, Cellular and other packets. It logs WiFi SSID's, MAC Addresses and other crap. And the most scary part? They have a fucking API for it. Literally, you enter a MAC Address and you get the pinpointed location of it.
But how will someone get your MAC Address, right?
Imagine this: A XHR Request is made to 192.168.1.1 or likewise, log in with default credentials and sweep the router configuration for a MAC Address and POST the data back to the website. Boom, they know exactly where you live.
tl;dr: Hide yo ssid, hide yo mac address, Google is looking!
yeah just checc the Street View date on your street and if it's recent change your MAC
funny that I just started reading Hacking Exposed and this was one of the first attack vectors detailed
Jack Watson
You can only make XHR request to 192.168.1.1 from 192.168.1.1.
Liam Reyes
Can someone confirm this?
Jordan Anderson
Can't you? This shit is trivial.
Grayson Rodriguez
Same Origin Policy confirms it. Otherwise it would have been a major security risk
Mason Morris
>literally broadcast your mac address over the air >give a fuck that someone knows a 6 byte number that only tells them who manufactured my nic
Pick 1
>Request is made to 192.168.1.1 considering that's a reserved address it's not going to tell them shit about me unless they're on my lan already
Jacob Diaz
>>considering that's a reserved address it's not going to tell them shit about me unless they're on my lan already The request is going to fail for entirely different reason. 192.168.1.1 is not reserved.
Isaac James
You idiot, it's not for locating individual devices, it's for location finding without GPS data, or to assist faster pinpointing, by having a database of fixed wifi hotspots.
The technique was invented by a company called Skyhook, and is used by Apple (and others) for quick pinpointing while GPS locks in, and for devices without a GPS chip.
>>Boom, they know exactly where you live.
No, they know where device with MAC address 01-23-45-67-89-ab-cd-ef is approximately located. It's mostly used for triangulation of multiple devices and their signal strength to give you YOUR approximate location. It's not super accurite and it can break when devices change location or there's old data for the area.
If you don't want companies like this snooping your MAC address, because you're some kind of paranoid idiot or something, don't hide your MAC (because this will break basic networking), hide your SSID.
James Clark
>192.168.1.1 is not reserved.
Uh, yeah it is. It's a Class C address and cannot be used on the Internet. It's for local LAN addresses only.
Brody Thomas
sup cisco
Ryder Long
Just like any other LAN address. It's not special in any way - the web does not care if it's a LAN address or Internet address. That request will also fail if you make it from 192.168.1.40 to 192.168.1.1
Asher Allen
My dad works for Fox news and says it's correct
Joshua Price
So if that's the case can you give me an IP thats not reserved?
If anyone could get a live demo where you just put a MAC address in and retrieve location, then that would be cool, but you first need to know the mac address, and also Google's API doesn't even give you location data on the mac address, it just reports the signal; strength, age, channel and S-T-N ratio, Nor can you get nearby Wifi data through the use of the google street view.
You really think if this worked it wouldn't have been exploited by now?
Angel Price
You'll have to ask IANA.
Charles Diaz
MAC address is not important for this. It's the SSID's that are monitored. Even if you turn it off on your own router, still other people in your neighbourhood will have unique SSIDs, so they will still be able to pinpoint you.
Well, as long as they have acces to your network driver. I assume google has it for your android phone...
>A XHR Request is made to 192.168.1.1 That's some shitty browser AND router you got there to let that get through. CORS would prevent your browser from making such a request, unless your router EXPLICITLY allows it. If that's the case, your route manufacturer must hate you.
