Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Google

+ - Leveraging Java applets & Google to locate use->

Submitted by simonplexus
simonplexus (2064780) writes "With all of the talk about iphone and android location security lately, I thought id share something I came up with a while ago. I saw some talk of getting users router MAC addresses then using this data to talk to google Geolocation API to pull the location from their big wifi database. The methods I saw involved mainly exploiting browsers, then exploiting vulnerable routers to pull the MAC. I figured this needs a better attack vector, something which is less dependent on vulnerable browsers or routers. Java delivered me the answer.

Using signed Java applets under default security settings, Java is allowed access to system calls. Using these calls, one can calculate the default gateway IP of a site visitor (netstat -rn) and then use the ARP table to determine the MAC address of the users default gateway (arp -a).

Plugging that MAC address into Goolge's Geolocation API gives either a pretty accurate location, or a GeoIP only location if google does not know the MAC address. Unscrupulous site operators could then use JSON or AJAX from the running applet to send the resulting location back to their systems and locate website users, with the minimum level of accuracy being GeoIP, the maximum level of accuracy being as accurate as google's DB (it locates me to the house next door)"

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Leveraging Java applets & Google to locate use

Comments Filter:

If you steal from one author it's plagiarism; if you steal from many it's research. -- Wilson Mizner

Working...