Dan Goodin reports:
A security researcher has devised an attack suitable for stalking and similarly creepy endeavors that uses JavaScript and geo location data from Google to pinpoint a victim’s precise location.
In a talk titled “How I Met Your Girlfriend,” at the Black Hat conference last week, hacker Samy Kamkar demoed the technique, which he cleverly dubbed an XXXSS. Here’s how it works:
- Kamkar lures the victim to a website that uses JavaScript to extract her router’s Media Access Control address and report the unique identifier to the hacker. If JavaScript is unpalatable for some reason, there are other ways to do this.
- Kamkar plugs the pilfered MAC address into Google Location Services. Within seconds, he has a map showing the victim’s location within a few hundred feet.
Read more in The Register.