Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Hacker Proves Router Security Weakness



4:16 pm on Aug 3, 2010 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

Hacker Proves Router Security Weakness [bbc.co.uk]
One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number.

It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.


11:17 pm on Aug 10, 2010 (gmt 0)

5+ Year Member

a mac address and a reasonably accurate geolocation would undoubtedly constitute personal information because it would mean that a person could be identified by the geolocation and therefore by the mac address

You cannot allow fringe cases to be the basis of laws; I've already made mention of this point (albeit in a more specific form), but you appear to be willfully ignorant of this fact.

I will reiterate: if you base law on the small percentage of people who fall outside what would otherwise be the accepted norm, you will have no freedom left.

A nationwide list of router mac addresses may possibly have legitimate uses but, in any case, it was created without the necessary permissions.

The MAC Address of any network device is public information if it is publicly accessible; this is because the MAC address is a vital part of the network communication process. It is functionally equivalent to an IP address, although it is not regularly subject to change (but note that it can be changed), and is also sent to network devices as a part of the communication process.

It has also, unless I am horribly mistaken [telegraph.co.uk], been determined that Google's logging of the location and MAC addresses of public wireless networks did not violate the Data Protection Act. In fact, Google was not the first company to do so [skyhookwireless.com].

So, it's not illegal to publish a list of MAC addresses, because they're public information anyway (sent to network devices as part of communications, easily visible if you're in the same location as the publicly accessible wireless network), and it's not illegal to map the geolocation of publicly accessible wireless networks, because they, too, are in the public domain.

It's a tool. It has some good uses. A number of people who would be doing bad things anyway might wind up using it to help. If you take it away, those bad people will still do those bad things.

I would suggest you get used to it.


For clarification, the MAC address is only visible for one layer. However, if it is on a publicly accessible wireless network, it still falls into the public domain, as it's easily visible by connecting to said accessible router.

[edited by: lawman at 11:32 pm (utc) on Aug 10, 2010]


11:33 pm on Aug 10, 2010 (gmt 0)

WebmasterWorld Administrator lawman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

I think this thread has run its course.
This 32 message thread spans 2 pages: 32

Featured Threads

Hot Threads This Week

Hot Threads This Month