Hack Uses Geolocation to Pinpoint Your Location

In one of the more simple yet clever attacks I’ve seen this year, at BlackHat and Defcon, Samy Kamkar (author of the 2005 Samy MySpace worm) showed how javascript and geolocation could be used to more or less pinpoint a user’s location. An attack Samy dubbed ‘XXXSS‘.

The attack works by using javascript to obtain the MAC address (a unique hardware identifier) of the victim’s network router or gateway, and then submitting it to Google’s Geolocation service to obtain the coordinates. Read more