

Uses XSS and Google Street View Data to Determine Physical Location - isoftusernet
http://www.securityweek.com/hacker-uses-xss-and-google-streetview-data-determine-physical-location
wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar's talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the example he shows) of a user who does no more than visit a malicious website. The technique involves sniffing out the local router, breaking into it to obtain its MAC accress, and sending that to Google to extract the router's location from Google's Street View database.
======
tocomment
I don't see how this is possible on many levels:

1\. How do you get a router's MAC address using javascript?

2\. How do you get a router's model number using javascript?

3\. Why does Google maps store location by MAC address?

4\. How do you get this information from Google maps?

Even if you don't specifically know how to do these things, I'd love to hear
how and why they're possible at all.

------
joegaudet
You could determine all of that information with regards to the MAC address by
examining the packets from the user.

But form the video it appears that he mostly leverages lazy network admins,
and the fact that routers are all configured with forms.

