Here is a proof of concept for obtaining *accurate* GPS coordinates of a user sitting behind a web browser via router XSS. The router and web browser themselves contain NO geolocation/GPS data. This is also not IP-based geolocation.
I’m not so amazed that a router firmware could be vulnerable to an XSS attack on the WAN-facing GUI. Really I’m just pissed that Google has a database that’s public-facing and maps MAC addresses to GPS. There’s something scary about the fact that I just entered my LAN-facing MAC address and Google came up with exact coordinates to my building… Here’s how it works:
- Google, while doing Street View, also recorded which wireless networks were around, specifically the MAC addresses of those routers, and then mapped them to lat-long coordinates.
- This takes advantage of XSS vulnerabilities in certain routers – in this case, it only works with Verizon FiOS routers, but if XSS vulnerabilities are found in other routers it could very well be adapted.
- You visit a malicious page. This page performs said XSS exploit and retrieves the MAC address from your router.
- Said page, having your MAC addy, then queries Google for the lat-long coords where that MAC addy was found during Street View (if it was found, of course).