
Find anyone's address from their router MAC code - paolomaffei
http://www.samy.pl/mapxss/
======
eli
If someone is able to determine the MAC address of your router by you simply
visiting a page, you've got bigger problems.

~~~
stanleydrew
What kind of bigger problems?

~~~
eli
Typically this means there's either a serious XSS flaw or a default password
on your router. Someone could, for example, change your DNS settings and start
intercepting your traffic.

------
cschneid
How does Google know where MAC addresses are? I thought that they were
non-routable, so they are limited to the extremely local connection. Presumably
the range from your computer to the termination of the cable modem on the
other end.

~~~
eli
It's the MAC of your wireless router. They collected them with their street
view cars.

There was a big, overblown privacy scare some months ago because it was
discovered that the cars also accidentally saved some stray unencrypted
packets of traffic as they cruised around.

~~~
skybrian
Actually, there are third-party services that have made a business of
collecting locations of Wi-Fi routers and I believe Google subscribes to them.

~~~
jonknee
They used to, but now do it themselves and then keep the database up to date
with Android phones. This is why Skyhook is upset and suing:

<http://gigaom.com/2010/09/15/skyhook-sues-google-in-a-location-battle-royale/>

~~~
borism
Well, the same is true for Apple, who are now collecting location/wireless
footprint themselves with iOS devices without Skyhook.

------
tibbon
Seems to think I'm on Santa Monica Blvd, but I'm in Boston and this computer
has never been to California.

~~~
tropin
Looks like that is the way it says "I have no clue where you are". Santa Monica
Boulevard is like... 10.000 kilometers from here.

------
hebejebelus
Hasn't picked up on any of the router MAC addresses I gave it. Guess it's not
reached Ireland yet…

------
ck2
Tomato firmware (and DD-WRT I think) allows you to randomize your MAC address,
which I do weekly.

------
grandalf
Most of the Comcast cable modems I've had in the past years let you see the
MAC address if you navigate to 192.168.100.1 without any password, so XSS that
loaded that page would work.

------
abraham
After a quick read of the page it sounds like it only works for browsers
authenticated to a specific Verizon FIOS router.

~~~
tptacek
His particular demo only works with a specific Verizon router, but the
notional attack works against any wireless router that has any XSS flaw ---
i.e., any wireless router.

There are really just two simple ideas here (taking a couple simple ideas and
plugging them together in some totally unexpected way being a Samy Kamkar
trademark):

* Any website can usually use reflected XSS to interact with a browser's upstream wireless router, because wireless routers suck, and because they assume that the "inside" network is safe.

* There are databases that translate wireless MAC into location (like Skyhook).
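
Added example, not part of the thread or of any router's firmware: a sketch of how an admin UI could stop treating the "inside" network as trusted by refusing requests started by another site, requiring a login before showing the MAC, and HTML-encoding reflected input. The admin origin `http://192.168.1.1`, the `msg` parameter, and the request and session shapes are assumptions made for illustration.

```javascript
// Added example: guard for a hypothetical router admin UI. The address, the
// "msg" parameter and the request/session shape are assumptions.
const ADMIN_ORIGIN = "http://192.168.1.1"; // assumed admin UI origin

// HTML-encode a value before reflecting it into a page.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// True when the browser reports that another site started the request.
function isCrossSite(headers) {
  const site = headers["sec-fetch-site"];
  if (site) return site !== "same-origin" && site !== "none";
  // Browsers without Fetch Metadata: fall back to Origin, then Referer.
  const source = headers["origin"] || headers["referer"];
  if (!source) return false; // no source information; later checks still apply
  try {
    return new URL(source).origin !== ADMIN_ORIGIN;
  } catch {
    return true; // unparsable source (e.g. "null"): treat as foreign
  }
}

// Decide whether to serve the status page, which includes the wireless MAC.
function handleStatus(req) {
  if (isCrossSite(req.headers)) {
    return { status: 403, body: "cross-site request refused" };
  }
  if (!req.session || !req.session.authenticated) {
    return { status: 401, body: "login required" };
  }
  const note = escapeHtml(req.query.msg || "");
  return { status: 200, body: `<p>${note}</p><p>MAC: ${escapeHtml(req.mac)}</p>` };
}
```
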

------
olalonde
Didn't find anything for my MAC address :(

------
konad
Where "anyone" == "anyone who didn't change the password of their router"

~~~
stanleydrew
Or anyone who is authenticated and cookied.

~~~
sorbus
Does anyone stay logged into their router when they're not using it? And don't
most sessions expire fairly quickly, anyways?

Besides that, this appears to only work with wireless routers, based on how
Google is locating them.

