Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Leveraging Java applets & Google to locate use

simonplexus (2064780) writes | more than 3 years ago

Google 0

simonplexus (2064780) writes "With all of the talk about iphone and android location security lately, I thought id share something I came up with a while ago. I saw some talk of getting users router MAC addresses then using this data to talk to google Geolocation API to pull the location from their big wifi database. The methods I saw involved mainly exploiting browsers, then exploiting vulnerable routers to pull the MAC. I figured this needs a better attack vector, something which is less dependent on vulnerable browsers or routers. Java delivered me the answer.

Using signed Java applets under default security settings, Java is allowed access to system calls. Using these calls, one can calculate the default gateway IP of a site visitor (netstat -rn) and then use the ARP table to determine the MAC address of the users default gateway (arp -a).

Plugging that MAC address into Goolge's Geolocation API gives either a pretty accurate location, or a GeoIP only location if google does not know the MAC address. Unscrupulous site operators could then use JSON or AJAX from the running applet to send the resulting location back to their systems and locate website users, with the minimum level of accuracy being GeoIP, the maximum level of accuracy being as accurate as google's DB (it locates me to the house next door)"

Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>