Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Hacker Proves Router Security Weakness

4:16 pm on Aug 3, 2010 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
votes: 565

Hacker Proves Router Security Weakness [bbc.co.uk]
One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number.

It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.
11:17 pm on Aug 10, 2010 (gmt 0)

New User

5+ Year Member

joined:Oct 21, 2009
votes: 0

a mac address and a reasonably accurate geolocation would undoubtedly constitute personal information because it would mean that a person could be identified by the geolocation and therefore by the mac address

You cannot allow fringe cases to be the basis of laws; I've already made mention of this point (albeit in a more specific form), but you appear to be willfully ignorant of this fact.

I will reiterate: if you base law on the small percentage of people who fall outside what would otherwise be the accepted norm, you will have no freedom left.

A nationwide list of router mac addresses may possibly have legitimate uses but, in any case, it was created without the necessary permissions.

The MAC Address of any network device is public information if it is publicly accessible; this is because the MAC address is a vital part of the network communication process. It is functionally equivalent to an IP address, although it is not regularly subject to change (but note that it can be changed), and is also sent to network devices as a part of the communication process.

It has also, unless I am horribly mistaken [telegraph.co.uk], been determined that Google's logging of the location and MAC addresses of public wireless networks did not violate the Data Protection Act. In fact, Google was not the first company to do so [skyhookwireless.com].

So, it's not illegal to publish a list of MAC addresses, because they're public information anyway (sent to network devices as part of communications, easily visible if you're in the same location as the publicly accessible wireless network), and it's not illegal to map the geolocation of publicly accessible wireless networks, because they, too, are in the public domain.

It's a tool. It has some good uses. A number of people who would be doing bad things anyway might wind up using it to help. If you take it away, those bad people will still do those bad things.

I would suggest you get used to it.


For clarification, the MAC address is only visible for one layer. However, if it is on a publicly accessible wireless network, it still falls into the public domain, as it's easily visible by connecting to said accessible router.

[edited by: lawman at 11:32 pm (utc) on Aug 10, 2010]

11:33 pm on Aug 10, 2010 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 28, 2001
votes: 60

I think this thread has run its course.
This 32 message thread spans 2 pages: 32