Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Wireless Networking Privacy Hardware

Locate Any WiFi Router By Its MAC Address 204

coderrr writes "SkyHook Wireless has been wardriving the US for years creating a huge database mapping wireless routers' MAC addresses to their physical locations. They provide an minimally documented API (docs here) which allows anyone to query the database directly for any MAC address. This could potentially allow some malicious individual to find out exactly where you live. Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack... Imagine if you got a phishing email that included your home address."
This discussion has been archived. No new comments can be posted.

Locate Any WiFi Router By Its MAC Address

Comments Filter:
  • Security (Score:5, Funny)

    by Anonymous Coward on Friday September 12, 2008 @08:40AM (#24977253)

    This is exactly why it's a *good* idea to steal internet access from the neighbors.

    • Re:Security (Score:5, Insightful)

      by cant_get_a_good_nick ( 172131 ) on Friday September 12, 2008 @12:05PM (#24980741)

      My niece asked me this, should she jump on someone elses WiFi, but this happened right after the big kerfuffle about the DNS hack.

      You realize that you're giving all your data and control over to a machine that you don't control. You hope that it's open because the person is either an idiot or a good guy, but you have no evidence of either at that point. Even something as simple as checking your mail might give people access to your inbox, and all the 'password reset' notices you get.

      • by Xenna ( 37238 )

        That's why I tunnel over OpenVPN...

      • Re:Security (Score:4, Informative)

        by novakreo ( 598689 ) on Friday September 12, 2008 @11:04PM (#24987249) Homepage

        You realize that you're giving all your data and control over to a machine that you don't control.

        Isn't that what you already do with your own ISP? How do you know that some bored guy there isn't already eavesdropping on your data? Or even someone at your ISP's upstream provider?

  • Quick! (Score:5, Funny)

    by Anonymous Coward on Friday September 12, 2008 @08:43AM (#24977287)

    Someone tell San Francisco!

  • Legality of this (Score:4, Insightful)

    by ilovesymbian ( 1341639 ) on Friday September 12, 2008 @08:43AM (#24977297)

    Er, isn't it illegal to wardrive in some states [Florida] in the first place?

    And then putting out the MAC address publicly, like finding someone's SSN and posting it publicly. Oh, I guess its the owner's fault for not securing it.

    • by creepynut ( 933825 ) * <teddy(slashdot)&teddybrown,ca> on Friday September 12, 2008 @08:46AM (#24977355) Homepage

      Unless I am mistaken, securing a wireless router does not stop anyone from seeing its MAC address.

      • Re:Legality of this (Score:4, Informative)

        by grayn0de ( 1301165 ) on Friday September 12, 2008 @09:04AM (#24977695)
        Only when the person is too much of a poser to not find the hidden SSID. Not everyone knows how, though it is incredibly simple. That is the reason why we have security through obscurity, to begin with. Also, to comment on the topic, it does not take social engineering to find the MAC address for a router. Almost every stumbler does that, by default, out of the box. Many will show that there is a hidden SSID, but they may still show the MAC address. Even if they don't, the SSID can be found and the router cracked.
      • Unless I am mistaken, securing a wireless router does not stop anyone from seeing its MAC address.

        IIRC, some tools can show the MACs of connected clients (both wired and wireless) on the router as well. Kismet and Kismac come to mind.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Comparing an SSN to a MAC? *Chuckles*

      • Re: (Score:3, Insightful)

        What's funny is that SSNs and MACs are very similar. They are both unique identifiers. The only reason you see it as different is that SSN has been treated more like a password than a serial number.
        • Re:Legality of this (Score:5, Interesting)

          by ElectricTurtle ( 1171201 ) on Friday September 12, 2008 @10:53AM (#24979441)
          That, and MACs aren't a serial number per se (granted blocks of them are assigned to specific manufacturers, but there's a reason that network hardware devices always have S/Ns in addition to MACs), they are ADDRESSES. They are SUPPOSED TO BE KNOWN. It makes no sense that people would freak out about somebody knowing the MAC address of their wireless but not the street address on their mailbox. Oh noes! Somebody might use their 31337 h4x0ring skillz to send me spam and phishing attacks to my interweb mail! Like they don't already? Somebody could send a pipe bomb to your physical mailbox too. Better hide that address, oh wait, you can't.

          Stop scaring the sheeple. I know it's kind of fun, but it's bad in the long term. That's how we get stupid legislation like banning wardriving or public access points/mandatory encryption.
          • Stop scaring the sheeple. I know it's kind of fun, but it's bad in the long term.

            The first half of the MAC identifies a manufacturer. Many manufacturers have multiple entries which in some cases may make it easy to spot a particular product.
            That could lead to thieves targeting locations with premium machines (MacBook Pro etc).
            I saw an online posting indicating that this was happening nearby, but heard no mention of it in the local media so I don't know if it is true. It certainly is possible.

            • And once again back to meatspace, if you live in a mansion, that's a more attractive target than a crapshack. So what. Are all the millionaires going to switch to living in crapshacks just so people don't see an incentive for burglary? I don't think so.
        • What's funny is that SSNs and MACs are very similar. They are both unique identifiers. The only reason you see it as different is that SSN has been treated more like a password than a serial number.

          Only they are not unique identifiers their just identifiers and they are also ridiculously easy to change (due to not being unique this is useful)

          • They must be unique IDs to work correctly. And they are supposed to be assigned as unique IDs, though I agree that does not always happen. But that's like claiming that your mailing address isn't a unique ID because someone on your block mislabeled their mailbox.

            • Re: (Score:3, Informative)

              by clone53421 ( 1310749 )

              It's more like saying that your mailing address isn't a unique ID because somebody else also lives at 123 Main St... in a different postal code. The MAC only has to be unique on your local network, i.e. someone in a different "community" can have the same "address". Your IP address is what is unique, but the problem with IP addresses is that they must only be unique at a single point in time. It's a bit like trying to trace someone by their address when everyone in the community moves every few days. The MA

  • by QuickFox ( 311231 ) on Friday September 12, 2008 @08:44AM (#24977303)

    This is perfect for when IPv6 takes off, with its built-in MAC address. Then my website can scare people shitless by greeting them with a note saying exactly where they live.

    • Re: (Score:3, Insightful)

      by QuickFox ( 311231 )

      "Welcome to my website! By the way, would you like me and my biker friends to pay you a visit at your home on Small Street? Or else, if you prefer, how about you help fill my tip jar? $50 will be fine."

      • Re: (Score:2, Funny)

        To which I'd reply, on their comments page: "I live in Paterson, NJ. Come and get me, motherfucker."

        --#

        • No problem, you can opt out. As long as a few thousand people do pay me each year, I don't mind a few opting out.

          Just don't complain when we come to visit.

    • Re: (Score:3, Insightful)

      by mcmonkey ( 96054 )

      Imagine if you got a phishing email that included your home address.

      You mean like the spam that shows up in the actual mail box most days?

      That stuff has my address on it, yet I still recognize it as spam. How is this any different?

      Must be a web 2.0 thing.

      • Re: (Score:3, Interesting)

        by Lennie ( 16154 )

        Also it already does this, the headers usually include a lot of information already internal (behind the firewall) IP-addresses and/or computer names, etc.

        There is also spam that just resends your own emails to different people you didn't send it to before.

        Those are the really scary ones.

    • by billstewart ( 78916 ) on Friday September 12, 2008 @11:50AM (#24980465) Journal

      IPv6 does have a mode where it autoconfigures devices using a munged version of the MAC address as the lower 64 bits of the address. (It's an ugly munge, not simply a 16-bit subnet plus 48-bit MAC, but in some sense it still gives you Netware-like autoconfig.) It's not clear how many people are going to use that mode, as opposed to a DHCP-replacement mode.

      But that's not going to leak information about the wireless, because typically nobody outside your building is going to talk to the IP address of the wireless side of your router. Either they're going to talk to the IPv6 address of one of your computers, so they might see the MAC address of your laptop, or they might see the MAC address of the Ethernet side of your firewall, but that's different from the MAC address of the wireless side.

    • by blair1q ( 305137 ) on Friday September 12, 2008 @12:36PM (#24981343) Journal

      You mean as though you looked up their name in the phone book?

      Duh.

      One of the points of IPv6 is to get rid of the kind of Internet invisibility that allows spamming and phishing to flourish. Being on the Internet will be like being in public. Privacy will be opt-in. Any community you join will have to agree to allow you to hide yourself. You will be able to hide your identity from other users on a content provider (like here on /.) but you won't be able to hide from the content provider as you DOS his account-creation system or scan his ports.

      Will this create tracking-privacy issues? Sure. But we can deal with those by exercising our right to control the agencies that would use that data. It will prevent much more pervasive problems involving people we don't have legal control of until we catch them.

      You will have the same freedoms you now have - maybe more as you won't have to alter your personality to duck from the trolls or hide your email address from spammers; your security will be increased; and your in-box will have your email in it instead of a flaming bag of crap every morning.

      • Re: (Score:3, Informative)

        by QuickFox ( 311231 )

        IPv6 does support anonymity — see RFC 3041 [ietf.org]. But I ignored that since it would spoil my nice joke.

        Traceable IP numbers would not help against spam and DOS, because that's perpetrated through botnets, not through direct contact.

      • by nurb432 ( 527695 )

        Except standing in public no one knows who you are.

        Id rather stay anonymous on line as well, thank you very much.

        • by blair1q ( 305137 )

          If you do something to disturb the peace, everyone will know who you are. It will be a matter of public record.

    • In IPv6 autoconfiguration, a node forms its address by concatenating a prefix broadcasted by the router and a suffix based on its own MAC address. The leaked MAC addresses would be those of the computers behind the router, not of the router itself. The prefix used would likely be provided by the ISP or tunnel broker, in much the same way that the ISP hands out IPv4 addresses today.
      • > The leaked MAC addresses would be those of the computers behind the router...

        Or whatever number the admin chooses to supply instead.

    • by 3247 ( 161794 )

      Your IPv6 address will include your computer's MAC address, not your access point's.

  • by Robotech_Master ( 14247 ) on Friday September 12, 2008 @08:44AM (#24977329) Homepage Journal

    That's the only reason I can think of for this story suddenly coming up right now--this is what the iTouch uses for its location-detection (and I suppose the iPhone uses it, too, in conjunction with its cell-tower/GPS thing). I never knew about it until I had reason to look it up and find out how my iTouch knew where I was.

    I thought it was a little creepy the first time I realized my iTouch knew more-or-less my exact location--but on the other hand, it's also kinda neat. Too bad it only works in urban areas.

    • Re: (Score:3, Interesting)

      by sammy baby ( 14909 )

      It also has some odd bugs. A few weeks ago I was in a Starbucks in suburban Philadelphia, and my iPhone (using the Starbucks wireless network) put my location as being somewhere in Washington state. Whoops.

    • hmm, i wonder how much fun can be had getting mac fanboys lost using macchanger and this

  • Maybe. (Score:3, Informative)

    by Bill, Shooter of Bul ( 629286 ) on Friday September 12, 2008 @08:46AM (#24977365) Journal
    So all I have to do to be "safe" is to change the Mac address the router spits out? Ok. Not that there was any real risk to begin with. As the summary says there would have to be some malware present that had access to my internal network to send the mac to then look it up. Plus, I don't have the same router I did a year ago. Plus, they'd have to figure out which house I live in. Plus, I think spam with my address wouldn't phase me.
    • Re:Maybe. (Score:4, Insightful)

      by Lumpy ( 12016 ) on Friday September 12, 2008 @08:52AM (#24977471) Homepage

      Exactly. I dont know what hey use for wardriving, but my stuff can not tell me that router B is in that white house across the street while router C is in the brick house with a pentagram painted on the front door next to router A that is in the doghouse in the back yard of that red teepee.

      The story is 90% hooey with 10% sensationalism thrown in for fun.

  • by Anonymous Coward on Friday September 12, 2008 @08:50AM (#24977441)

    Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack.

    NORM : Security, uh Norm, Norm speaking.

    DADE: Norman? This is Mr. Eddie Vedder, from Accounting. I just had a power surge here at home that wiped out a file I was working on.Listen, I'm in big trouble, do you know anything about computers?

    NORM: Uhhmmm... uh gee, uh...

    DADE: Right, well my BLT drive on my computer just went AWOL, and I've got this big project due tomorrow for Mr. Kawasaki, and if I don't get it in, he's gonna ask me to commit Hari Kari...

    NORM: Uhhh.. ahahaha...

    DADE: Yeah, well, you know these Japanese management techniques.... Could you, uh, read me the number on the modem?

    NORM: Uhhhmm...

    DADE: It's a little boxy thing, Norm, with switches on it... lets my computer talk to the one there...

    NORM: 212-555-4240.

  • So what? (Score:3, Informative)

    by Inominate ( 412637 ) on Friday September 12, 2008 @08:50AM (#24977443)

    If someone has some sort of malware running on my computer, they don't need my router's MAC address to find out where I live. And in that case, them knowing where I live is the least of my problems.

  • Wrong (Score:5, Insightful)

    by Ancient_Hacker ( 751168 ) on Friday September 12, 2008 @08:59AM (#24977607)

    You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out.

    And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

    And knowing the MAC address is of no earthly use. Well, in the old days you could map it to a ethernet chip manufacturer, but now most routers have changeable MAC addresses.

    You can't map MAC address to email addresses either, as the summary claims. Sheesh.

    • Re: (Score:2, Insightful)

      by stretch0611 ( 603238 )

      But certain Microsoft products use your MAC address.

      In addition to WGA, I thought that MS-Word used to store your MAC address in the meta-data of the document.

      That way you can trace an anonymous doc to a location.

    • Re: (Score:3, Funny)

      by mapkinase ( 958129 )

      Hmm... Sounds like someone is marking the place of the fish catch by putting a mark on a side of his boat.

    • by Viol8 ( 599362 )

      "You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out."

      That may be the case, but that address only goes as far as the next router down the chain so unless someone is connected to the original router by a physical connection they'll never find it out - you can't wardrive a cabled network.

        Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

      • >Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

        What's the problem with knowing a MAC address?
        The MAC is not a key to anything except sending a packet to the router. Which is the whole point of having a WiFi router.

        • by 3247 ( 161794 )

          There is no problem with knowing a MAC address.

          There is no problem with knowing other small pieces of information, which seems to be useless.

          However, there is a privacy problem with knowing a lot of these small pieces of data.

      • Actually, the next router on the chain will see the MAC address of the WAN ethernet port, which isn't generally the same MAC address as the radio broadcasts.

        But you are certainly correct that it's a link-layer protocol that goes no further than 1 hop.

      • Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

        So what? There is nothing anyone can do with my MAC address unless they are within range of my router (on the same cable for hard-wired networks). I just don't see how this database would be of any use to someone a number of hops away from me.

        Assuming no hacked hardware between us, my MAC address isn't available for a remote site to look up based upon an IP connection.

        • Basically the concept is this. Some spammer/phisher already has your e-mail address, through whatever means. Someone else stumbled across the MAC of your wireless router by wardriving your neighbourhood and put your MAC and location into a database. If the spammer/phisher can e-mail you and trick you into revealing the MAC address of your wireless router, he can put together the information he knows to link your e-mail address, wireless router MAC, and physical location.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

      Perhaps if you're a crude wardriver. If you're sophisticated, and use a directional antenna on a rotatable mast, or multiple antenans, you could quite easily locate the AP to within a few meters, driving down the street.

      The technology isn't hard (it was used in bygone days to do TV viewership ratings, by looking for LO leakage from

    • Exactly, if you can see the mac address then youre on my router and you can guess I'm nearby.

      This is just as bad as those malware ads that advertise "YOU ARE BROADCASTING YOUR IP"

    • You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out.

      You need malware if you aren't on the local network. The MAC address only makes sense at the IP layer. And the packet the router sends out on the Ethernet side is going to have the wrong MAC address anyway.

      And the MAC address does have a use if you can map it to a location.

    • by forand ( 530402 )
      I think you missed the point of the original statement. The database is useless for finding where a specific person lives unless you have the MAC of their router.
    • by Splab ( 574204 )

      While getting the exact address is impossible except for remote locations, phishers really don't need it - if you know what neighborhood the machine is located in you can still make a very very "personal" offer just for this one surfer. Imagine someone seeing an "ad" from the local Wallmart including authentic pictures and whatnot claiming they have won a frequent shopper something or other - they just have to fill in some details.

      The more personal the attack is the higher the likelihood of people falling f

    • Also, just because you know a particular routers MAC address, doesn't mean it has any useful purpose past the first hop, as your local MAC address of your router will never get transmitted past the first hop. By the time the TCP/IP packet arrives at its destination, the MAC address on the sending side will be of the last hop router. So, basically, although creating a huge database of MAC addresses to GPS coordinates might seem to be clever, in reality it is very useless because no one is going to be seein
  • Someone should show this to those clueless municipal IT folks out in San Francisco
  • The thing is... (Score:3, Informative)

    by theotherbastard ( 939373 ) on Friday September 12, 2008 @09:09AM (#24977789)
    I believe Skyhook uses the Wireless Antenna's MAC Address, not the WAN Port MAC Address. So, you'd have to be within proximity of the WAP in order to get that information anyway, which means you know about where the WAP is in the first place.
    • True. However, the fact that I can find YOUR wireless network only if I know the general location doesn't change the fact that I can see half a dozen people's wireless networks from where I sit if I'm not particularly trying to locate YOURS.

  • Theft Recovery? (Score:2, Interesting)

    by PainMeds ( 1301879 )
    A lot of different theft-recovery packages report the WiFi router and MAC address back, so this could theoretically be used to recover a stolen laptop that went back online.
  • Late to the party (Score:4, Informative)

    by ElectricTurtle ( 1171201 ) on Friday September 12, 2008 @09:18AM (#24977911)
    Wigle [wigle.net] has been doing this for years and years. They're also almost completely open and cross platform. Besides, if anybody wants to know where somebody is, there are a lot easier ways than trying to link a an address from the media access control layer to some coordinate on a map.
  • Does he verify / update the data from time to time? Given the atrocious life expectancy of your typical Chinese wall-wart power supply that comes with the standard Best Buy / Circuit City-bought router and Americans' propensity to simply buy a new router when their old one appears to die (when 90% of the time it's just a dead power supply), I'd think this data would get stale pretty quickly.
  • This could have been brought to my attention YESTERDAY!!!
  • Guns (Score:2, Funny)

    by grnrckt94 ( 932158 )
    This was exactly what I had in mind when I bought my 12 gauge.
    • Which is exactly why back when I was wardriving I used an 18 dbi omni so I didn't have to be close to anything and did it at 2 am when everybody was asleep.

      Not to mention I religiously carry an H&K USP myself.
  • Imagine if I got a phishing email that included my home address? What difference does it make what information it contains? It's still obviously a phishing email and I'm still just going to forward a copy on to abuse @ whatever domain they're impersonating and then dump it in the spam folder.

    I still don't understand how phishing actually works on anyone... once you understand a basic concept - never follow links from emails that are soliciting information - you'll be fine. I guess people are just hopeless
  • This thing has the potential of turning your laptops wifi card in a poor man's GPS.
    Just check what wifi networks you see, check for them in the db and find your position using signal strength to weight the AP positions.

    It would work quite well in densely populated areas.

    I have been thinking for long about doing something similar with your cell phone. Just check the visible towers, ask google their coordinates and geolocate yourself (if only the symbian API gave you info on other cells apart from the one you

  • Google? (Score:2, Interesting)

    by xandey ( 965813 )

    Isn't this exactly what Google's location api does? Only without the cell tower and GPS functionality?

    http://code.google.com/p/gears/wiki/GeolocationAPI?redir=1 [google.com]

    I would imagine it would be hard to compete by wardriving when Google has an army of mobile phones querying where they are reinforcing the database.

  • I have a Verizon FiOS Wifi / ethernet router. I poked around the settings for the router but I couldn't find its WiFi MAC address listed anywhere.

    Anyone know how I can found that address? (On my client I'm running Ubuntu 8.04)

    • Not all wireless routers have the wireless turned on by default. Beyond that, I would just use netstumbler to find the the MAC of the wireless side of the router ;-P
    • by smoker2 ( 750216 )
      A label on the bottom ?
      • A label on the bottom ?

        Yup. Hidden on the side I couldn't easily see. I was hoping for the more techically interesting solution to the problem, but at least I've got the MAC address now. Thanks.

  • iPhone (Score:4, Interesting)

    by Have Blue ( 616 ) on Friday September 12, 2008 @10:22AM (#24978955) Homepage
    The iPhone already uses this service for AGPS and A-cell-tower-triangulation. It was added in a 1.x update well before the 3G was released.
  • and change your MAC every second

    yes | awk '{system(sprintf("ifconfig eth0 hw ether %02x:%02x:%02x:%02x:%02x:%02x; sleep 1", int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand())))}'

  • This would be a great DB to have for my custom lojack that reports back to my server the AP SSID and MAC address that any of my laptops are talking to. I'd be able to go to the location myself and verify the AP MAC address is still there, triangulate where the source is, and then notify the police so they could get a search warrant and recover my laptop.

  • One big flaw in this system - as I understand it, MAC addresses are not globally unique as IP addresses are. It's a 48-bit address, but the first 24 are the vendor's ID, leaving only 24 bits for a unique device ID (and these do get recycled). This is good enough in the scope of a local LAN, but Skyhook's system seems to depend on these being globally unique, which isn't the case.

    Anyone know how they deal with this?

UNIX enhancements aren't.

Working...