simonplexus (2064780) writes "With all of the talk about iPhone and Android location security lately, I thought I'd share something I came up with a while ago. I saw some talk of getting users' router MAC addresses, then using this data to talk to the Google Geolocation API to pull the location from their big Wi-Fi database. The methods I saw involved mainly exploiting browsers, then exploiting vulnerable routers to pull the MAC. I figured this needs a better attack vector, something which is less dependent on vulnerable browsers or routers. Java delivered me the answer.
Using signed Java applets under default security settings, Java is allowed access to system calls. Using these calls, one can calculate the default gateway IP of a site visitor (netstat -rn) and then use the ARP table to determine the MAC address of the user's default gateway (arp -a).
Plugging that MAC address into Google's Geolocation API gives either a pretty accurate location, or a GeoIP-only location if Google does not know the MAC address. Unscrupulous site operators could then use JSON or AJAX from the running applet to send the resulting location back to their systems and locate website users, with the minimum level of accuracy being GeoIP, the maximum level of accuracy being as accurate as Google's DB (it locates me to the house next door)."
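For defenders, the behaviour described in the submission leaves a recognisable trace on the endpoint: a Java plug-in process starting both `netstat` and `arp` in quick succession. The following is an added example, not part of the original submission, that flags that pairing in process-creation events; the log layout, host names, timestamps and the 60-second window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events. The field layout is an assumption
# for this example, not the log format of any real product.
SAMPLE_EVENTS = """\
2011-04-28T10:15:02 ws-101 parent=jp2launcher.exe child="netstat -rn"
2011-04-28T10:15:03 ws-101 parent=jp2launcher.exe child="arp -a"
2011-04-28T10:20:40 ws-102 parent=cmd.exe child="arp -a"
2011-04-28T10:31:00 ws-103 parent=java.exe child="netstat -rn"
2011-04-28T11:45:00 ws-103 parent=java.exe child="arp -a"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) parent=(\S+) child="([^"]*)"$')
JAVA_PARENTS = {"java", "java.exe", "javaw.exe", "jp2launcher.exe"}
LOOKUP_TOOLS = {"netstat", "arp"}
WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse_events(text):
    """Parse lines into (time, host, parent, tool) tuples, skipping bad lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, parent, cmd = m.groups()
        words = cmd.split()
        tool = words[0].lower() if words else ""
        if tool.endswith(".exe"):
            tool = tool[:-4]
        events.append((datetime.fromisoformat(ts), host, parent.lower(), tool))
    return events


def find_gateway_lookups(text, window=WINDOW):
    """Return hosts where a Java parent ran both netstat and arp within `window`."""
    last_seen = {}  # (host, tool) -> time of the latest Java-spawned run
    flagged = set()
    for ts, host, parent, tool in sorted(parse_events(text)):
        if parent not in JAVA_PARENTS or tool not in LOOKUP_TOOLS:
            continue
        other = "arp" if tool == "netstat" else "netstat"
        prev = last_seen.get((host, other))
        if prev is not None and ts - prev <= window:
            flagged.add(host)
        last_seen[(host, tool)] = ts
    return sorted(flagged)


if __name__ == "__main__":
    print(find_gateway_lookups(SAMPLE_EVENTS))
```

Only the host where both commands come from a Java parent inside the window is reported; the `cmd.exe` run and the Java runs more than an hour apart are not.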