
Google map a cellphone knowing its MAC address - gasull
http://thebmxr.googlepages.com/Don_t_Locate_me.pdf
======
Timothee
The title of the submission seems wrong to me.

Reading the article, I understand that you can obtain the approximate location
of a WiFi router knowing its MAC address. It doesn't sound as worrying as
getting the position of a cell phone though. The number of cases where you
know someone's router's MAC address but not where they live seem very limited
to me. Or at least, if you know someone's MAC address, there are plenty of
other ways to find out where they live, including asking or following them.
(non-tech old school ways)

Am I missing something?

Note that the 'hack' and the explanation are interesting. Just not as worrying
as presented IMHO.

~~~
dandelany
This is what I thought at first too, but I think what he's saying is that the
wireless AP you set up on your computer spoofs the victim's phone, using the
phone's MAC address, wherever it is in the world. Then, when you use _your_
iPhone/iPod Touch connected to that AP (the one he's talking about in step 3
is, I think, " _yours_ " and not " _the victim's_ ") and use the "locate me"
feature, the Skyhook system polls both your iPhone and the victim's for nearby
wireless AP's that are in its database (this is why it's important not to be
near other AP's). When the victim's returns a whole bunch of Skyhook AP's and
yours returns nada, Google Maps tells your phone it's located at the victim's
location. Interesting.

The "not being near Skyhook AP's" caveat might make this hack difficult to
pull off in urban areas, but I'm sure it wouldn't be too hard to build an
iPhone Faraday cage :)

~~~
pmorici
It was my impression that he was locating an access point and not the phone.
What he is doing is tricking the iPhone into thinking it is located where the
victim's AP is because it sees an AP with the victim's MAC address.

I'd question whether or not he has actually tried this. If you read how the
skyhook service [<http://www.skyhookwireless.com/>] works, it says it uses a
combination of wi-fi, GPS and cell towers. So in order for it to show you a
wrong location based on a single cloned access point you would need to shield
the iPhone's GPS, and GSM antennas and then hope the software is naive enough
to estimate your location based off one data point.

~~~
m0nkeym4sk
<http://thebmxr.googlepages.com/home2> shows a video of it being done but you
have a good point.

------
thebmxr
The title is wrong. This only finds an AP's Location not a cellphone or iPod.
Yes it has been tested and No you don't need to drive past someone's house to
get their MAC address there is several other ways to do that. Yes this can be
accomplished in other ways such as asking, but that is like saying you can
steal someones credit card from their pocket instead of creating a complex
phising site

------
DenisM
Let me get this straight. If you are near my house, you can learn MAC address
of my wifi rotuer. And then you will be able to use MAC address to know where
I live.

I am not very frightened yet.

------
coderrr
Simpler way to achieve the same thing here:

<http://news.ycombinator.com/item?id=299982>

