Your GPS Coordinates, Exposed

See SKYHOOK Wireless WiFi Positioning System

Your IP address implies a geographic area, but is not particularly accurate. To get more accurate information:

What’s the MAC address of your router, your network access point? You can easily find out with:

  1. Learn your gateway (router) address. The IPCONFIG command can show your gateway address. A typical answer is “192.168.1.1”.
    C:\>ipconfig
  2. Learn the MAC address of your gateway. The ARP command can show the MAC address.
    C:\>arp -a 192.168.1.1

Now you have your router’s MAC address. Or just look on the router, since it is printed on a label. Or the box the router came in; there’s a label there, too.

At http://samy.pl/mapxss/, type your router’s MAC address into the “Search MAC” field. Scroll down to see your current physical location and its GPS corrdinates.

This illustrates that you can covert a router MAC address to a geographic location. The rest of http://samy.pl/mapxss/ describes one way a person could determine the router MAC address of persons visiting a web site. By extension, http://samy.pl/mapxss/ illustrates how a web site could gather GPS coordinates of its visitors.

See also: Samy Kamkar’s Black Hat 2010 / Defcon 18 presentation: How I Met Your Girlfriend for a description of using a MAC address and Google Location Services to track a person.

What’s the trick? No, your router is not a GPS device in disguise. Wireless access points are. Wireless access points passing through your router indirectly add GPS information to the router.Without wireless devices, the router has an IP address which still provides some geographic information.

A less dramatic illustration is at ip2location.com.

The Geolocation API is the interesting change to web applications. As implemented through Google Gears, user consent should be required. As illustrated by http://samy.pl/mapxss/, user consent can be bypassed.

See also: Navigation without GPS: define your location using IP, GSM/UMTS and Wi-Fi

  1. You can determine your IP address and then use a special database to get the location of your city. Those databases often include city’s longitude and latitude.
  2. You can determine the location of the next-door GSM / UMTS base station. This works only if you have the tower’s coordinates and identifiers database.
  3. You can also use the nearby Wi-Fi access points to calculate the latitude and longitude. You just have to send a certain request to a special server including their characteristics.

Using latitude and longitude to find a location in Google Maps:

http://maps.google.com/maps?f=l&hl=en&q='+query+'&near='+str(latitude)+','+str(longitude)+'&ie=UTF8&z=12&om=1

This entry was posted on Friday, January 8th, 2010 at 12:33 PM and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.