Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

Hacker Uses XSS and Google Street View Data to Determine Physical Location

Black Hat - How I met your GirlfriendSamy Kamkar, in an incredibly interesting session at Black Hat titled “How I Met Your Girlfriend,” highlighted new types attacks executed from the Web.

Black Hat - How I met your GirlfriendSamy Kamkar, in an incredibly interesting session at Black Hat titled “How I Met Your Girlfriend,” highlighted new types attacks executed from the Web. During his talk Kamkar demonstrated how to extract extremely accurate geo-location information from a Web browser, while not using any IP geo-location data.

Kamkar, by convincing the victim to visit his malicious Web site, used remote JavaScript and AJAX to acquire a routers MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the routers MAC address and sent it directly to him. From there, he was able to utilize Google Street View data to determine the location of a router – in his case, accurate within 30 feet.

Kamkar, author of an XSS worm that hit MySpace and generated over 1mm friends for him in less than 24 hours, demonstrates this hack in the video below.

Video of Samy Kamkar demonstrating the geolocation hack from his talk at Black Hat 2010 last week in Las Vegas.

Subscribe to SecurityWeek by RSS (Opens New Window)

Related Video: Barnaby Jack Demonstrates ATM Hacking at Black Hat

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Black Hat

Black Hat 2019 recently wrapped in Las Vegas, where somewhere between 15,000 and 20,000 experts descended to experience the latest developments in the world...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.