A well-known hacker has revealed a rather disturbing trick that allows a ‘booby-trapped’ website to work out exactly where you are, to within a few meters.
The BBC reports that Samy Kamkar, best known for his Myspace worm in 2005, discussed the technique at the Black Hat conference in Las Vegas last week.
Here’s how the attack works: It begins by the hacker contacting a target and persuading them to visit a specially-prepared website. He can then use Google’s location database to find the target’s whereabouts.
This is made possible because Google’s Street View cars create a database of wifi router locations as they travel around. This is meant to be a good thing as it means Google Maps and other legitimate apps can find out where you are by triangulating nearby wifi hotspots. However, Kamakar’s trick uses the data to locate you without your permission. He reportedly located one router to within nine meters of its actual position.
Kamakar described the tactic as “Geo-location gone terrible”. That said, targets would have to be using a recent, geolocation-enabled browser and have the feature enabled. They’d also need to have a stalker with hacking skills after them. While it’s frightening to think this might happen, chances are you can relax safe in the knowledge that nobody is likely to be that interested in tracking you down – and even if they are they probably don’t have access to this hack.
Get the TNW newsletter
Get the most important tech news in your inbox each week.