Someone from the annual Black Hat Technical Security Conference has discovered an exploit that unveils the MAC address of someone’s home router and has thought of a potential way of using it to find out someone’s address via a carefully tailored webpage.
It’s an interesting idea minus the privacy concerns…
Every networking device, e.g. your wireless router and phone, has a unique Media Access Control (MAC) address that identifies it. Usually this can be found printed underneath the device, and this MAC address is broadcast together with the signals that the device sends out. There’s not much you can do to hide it, although there are ways to “spoof” it (i.e. change it to something fake).
As you may know, recently Google has been caught up in a fiasco about how they have been gathering unencrypted wireless data around the world including SSIDs and MACs while recording for their Street View service.
As wireless routers aren’t moved between locations very much, the MAC addresses can easily be recorded together with where they’re found which would most likely be your home.
In other words, it’s like having another line tacked to your home address and having public access to it via this exploit. You can imagine the risks this could have via social networking sites such as Facebook – A simple click on one of the ads or games could reveal who you are and your address.
All those jokes about “stalking” someone with these services could really come true ^^;
It looks like all those documentaries regarding the increasing popularity and insecurity of wireless networks will now be rendered out-of-date. Ah, the thrill and speeding advance of technology…
There have been plenty of programmes advising people to upgrade from the “flawed” WEP security to WPA, but even WPA can now be hacked just as quickly in about a minute. Apparently Japanese researchers have now found a way to break WPA protected networks just as quickly as WEP using a similar kind of attack by targeting small encrypted ARP packets. The fully detailed 12-page academic journal paper can be found in PDF if you’re interested.
Not only that, Russian software vendor ElcomSoft claim they can also crack WPA2 in the same amount of time by making use of today’s modern powerful graphics cards from Nvidia and ATi to brute force the key (i.e. try all passwords possible).
However, this seems to only apply to the TKIP flavour of WPA encryption. The advice is to switch over to the AES version of the key to make it harder to crack if your networking hardware supports it.
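To see whether your own router still offers TKIP, here is an added example (not from the original post) that parses scan output in the layout printed by `iw dev <iface> scan` on Linux and labels each network. The sample scan, SSIDs and MAC addresses are constructed, and the function name `audit_scan` is hypothetical.

```python
import re

# Constructed sample, trimmed to the fields used here, in the layout of
# `iw dev <iface> scan`. "AES" in router menus shows up as CCMP in this output.
SAMPLE_SCAN = (
    "BSS 02:00:00:00:00:01(on wlan0)\n"
    "\tSSID: attic-wep\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "BSS 02:00:00:00:00:02(on wlan0)\n"
    "\tSSID: kitchen-tkip\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "\tWPA:\t * Version: 1\n"
    "\t\t * Group cipher: TKIP\n"
    "\t\t * Pairwise ciphers: TKIP\n"
    "BSS 02:00:00:00:00:03(on wlan0)\n"
    "\tSSID: lounge-mixed\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "\tRSN:\t * Version: 1\n"
    "\t\t * Group cipher: TKIP\n"
    "\t\t * Pairwise ciphers: CCMP TKIP\n"
    "BSS 02:00:00:00:00:04(on wlan0)\n"
    "\tSSID: study-aes\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "\tRSN:\t * Version: 1\n"
    "\t\t * Group cipher: CCMP\n"
    "\t\t * Pairwise ciphers: CCMP\n"
)

def audit_scan(text):
    """Return {ssid: verdict} for every BSS block in the scan text."""
    results = {}
    # Each network starts with an unindented "BSS " line.
    for block in re.findall(r"(?ms)^BSS .*?(?=^BSS |\Z)", text):
        m = re.search(r"(?m)^\s*SSID: (.*)$", block)
        name = (m.group(1).strip() if m else "") or "<hidden>"
        ciphers = set()
        for found in re.findall(r"(?:Group cipher|Pairwise ciphers): (.*)", block):
            ciphers.update(found.split())
        privacy = re.search(r"capability:.*\bPrivacy\b", block) is not None
        if not ciphers:
            # No WPA/RSN element: encrypted means WEP, otherwise open.
            verdict = "WEP" if privacy else "open"
        elif "TKIP" in ciphers:
            verdict = "TKIP enabled"   # includes mixed TKIP+AES modes
        else:
            verdict = "AES (CCMP) only"
        results[name] = verdict
    return results

if __name__ == "__main__":
    for ssid, verdict in audit_scan(SAMPLE_SCAN).items():
        print(f"{ssid:15} {verdict}")
```

A network in mixed mode is reported as "TKIP enabled" because the router still accepts the weaker cipher until TKIP is switched off in its settings.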
So why should you care about someone getting access to your wireless internet connection? Well they can…
- Get free internet access.
- Steal information from your computers.
- Engage in criminal activity and point suspicion at you.