Can people really stalk your location with your MAC address?


12 replies to this topic

#1 BustedFlush

BustedFlush

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 PM

Posted 12 January 2017 - 01:12 PM

If someone got your IP address, could they then remotely access your router, get your devices' MAC addresses, then be able to track your location for as long as you own those devices?

 

 




 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:33 AM

Posted 12 January 2017 - 06:19 PM

I suppose if you have a vulnerable router it could be hacked remotely.

There's been several router manufacturers in the news recently for just that. I recall TP-Link and Netgear, maybe more. Check for a firmware update and disable remote management, change default passwords, disable UPnP. Use WPA or WPA2, not WEP.

I don't think a machine's MAC address is passed along very far as packets make their way to their destination. So I say no, not possible to track a physical location based on a MAC. I am sure just a compromised router on its own would be much more lucrative.


How Can I Reduce My Risk to Malware?


#3 BustedFlush


Posted 13 January 2017 - 05:57 AM

Thanks Shelf Life. I did all that previously, and saw no modifications or changes in anything. My one concern was that someone logged onto the router while there was no password, noted the MAC numbers, and then can use that as a means of tracking my location. I read an article that suggested this was possible, just wanted to check the credibility of it.

 

So ultimately do you think someone could conceivably do that?



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:33 PM

Posted 13 January 2017 - 02:27 PM

In network connections, the MAC address of your devices is only transmitted on the LAN/Wifi network. Once a packet goes through a router, the MAC addresses are replaced by MAC addresses of the network devices on the next segment.

 

Remark that with Wifi, it is not necessary to access the router to know the MAC addresses of the devices connected to it (per your example). One just needs to observe the network traffic to the access point, to get the MAC addresses of all connected devices. MAC addresses are not encrypted, even with encrypted Wifi (WEP, WPA, ...)

But it requires that the observer is within close enough distance of the access point to be able to capture the radio signals.


Edited by Didier Stevens, 13 January 2017 - 02:35 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
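
An added illustration of the point made in post #4, not part of the original thread: it builds an Ethernet + IPv4 frame as a client would send it on the LAN, forwards it through a simulated home router, and shows that the IP destination survives while the client's MAC address does not. All addresses, the source-NAT step and the function names are constructed for this example.

```python
import struct

# Constructed sample addresses (locally administered MACs, documentation IP ranges).
CLIENT, ROUTER_LAN = "02:00:00:aa:00:01", "02:00:00:aa:00:fe"
ROUTER_WAN, ISP_GW = "02:00:00:bb:00:01", "02:00:00:bb:00:02"

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip(text):
    return bytes(int(part) for part in text.split("."))

def ip_checksum(header):
    """RFC 1071 one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl=64, payload=b"hello"):
    """Ethernet II header (14 bytes) + IPv4 header (20 bytes) + opaque payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, 253, 0, ip(src_ip), ip(dst_ip))  # 253 = experimental protocol
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + hdr + payload

def route(frame, out_mac, next_hop_mac, nat_src_ip=None):
    """Forward one hop: new Ethernet header, TTL-1, optional source NAT, new checksum."""
    hdr = bytearray(frame[14:34])
    hdr[8] -= 1
    if nat_src_ip:
        hdr[12:16] = ip(nat_src_ip)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return mac(next_hop_mac) + mac(out_mac) + b"\x08\x00" + bytes(hdr) + frame[34:]

def parse(frame):
    fmt = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {"dst_mac": fmt(frame[0:6]), "src_mac": fmt(frame[6:12]),
            "src_ip": ".".join(map(str, frame[26:30])), "ttl": frame[22],
            "dst_ip": ".".join(map(str, frame[30:34])),
            "checksum_ok": ip_checksum(frame[14:34]) == 0}

def demo():
    # Returns (view on the LAN, view after the router, client MAC still in the frame?)
    lan = build_frame(CLIENT, ROUTER_LAN, "192.168.1.23", "203.0.113.10")
    wan = route(lan, ROUTER_WAN, ISP_GW, nat_src_ip="198.51.100.7")
    return parse(lan), parse(wan), mac(CLIENT) in wan

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
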


#5 BustedFlush


Posted 13 January 2017 - 02:48 PM

Thanks Didier, so it would be possible for someone who had access to IP to get the MAC addresses?

 

I mean someone who gained access remotely, via IP or router, and has never used my wifi in the house.


Edited by BustedFlush, 13 January 2017 - 02:50 PM.


#6 Didier Stevens


Posted 13 January 2017 - 03:05 PM

That would require that your router be vulnerable, badly configured or used default/weak passwords.




#7 BustedFlush


Posted 13 January 2017 - 03:33 PM

Yes that could have been the case. Let me outline it:

 

Someone gained access to my IP address. My IP is dynamic, and right away I pulled the cable, switched off the router (thus got a new IP address, as I understand).

 

I then didn't think much more of it. Then later I read about Router Security, so secured the router, set a p/word, and checked for any signs of intrusion - there were none that I could see - firewall was enabled, NAT, and WPA2. I have since gone through the router and it seems nothing happened.

 

Now after reading something about MAC addresses being used to track people, it has made me aware that they could potentially have got my MAC address and could now find my location via tracking, both now and in the future.

 

Do you think this is conceivable?

 

The one issue that I'm not really clear on is the first one - for example: if you got my dynamic IP address at 9:30pm tonight. At 9:31pm I pulled the plug on all router and net cables (thus was given a new IP), could you then gain access to my router with the old IP address?



#8 Didier Stevens


Posted 13 January 2017 - 03:50 PM

What did you read about MAC addresses and tracking?

As I tried to explain, your MAC addresses are not used end-to-end on the Internet.

 

If you have received a new IP address, then your old address is either

1) not in use, and this can not be used to connect to

2) already in use by another modem, and then connection attempts will be directed to that other modem.

 

Your modem is no longer reachable with the old IP address.




#9 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:10:33 PM

Posted 13 January 2017 - 06:06 PM

Spying Agencies Tracking Your Location. https://thehackernews.com/2014/01/spying-agencies-tracking-your-location_31.html

CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents.
http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881
http://www.cbc.ca/news2/pdf/airports_redacted.pdf

Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. http://papers.mathyvanhoef.com/asiaccs2016.pdf
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#10 BustedFlush


Posted 13 January 2017 - 06:13 PM

TBH I don't really care if State Agencies could track me, as frankly they wouldn't bother, and I always assume if they ever would bother they'd gain full access to whatever interested them anyway. It's more the idea that just random people with a bit of basic IT knowledge could track and monitor you, with a few details such as IPs, MAC addresses, that I find creepy.



#11 Crazy Cat


Posted 13 January 2017 - 07:35 PM

> TBH I don't really care if State Agencies could track me, as frankly they wouldn't bother, and I always assume if they ever would bother they'd gain full access to whatever interested them anyway. It's more the idea that just random people with a bit of basic IT knowledge could track and monitor you, with a few details such as IPs, MAC addresses, that I find creepy.

The US government may be behind a new malware attack against TOR networks. The malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI is that the malware does nothing but identify the target. It looks up the victim's MAC address and the victim's Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user's real IP address, and coded as a standard HTTP web request. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in Virginia. http://www.wired.com/threatlevel/2013/08/freedom-hosting/

Just as the FBI used this technique to hack TOR users, similarly the same can be executed by "just random people with a bit of basic IT knowledge could track and monitor you, with a few details such as IPs, MAC addresses, that i find creepy."

Using javascript, or some other scripting, to run this code stealthily on your PC will give the attacker bountiful information to track you.

arp -a&&ipconfig /all&&netstat -ano
Run the above line of code at the command prompt to see what it shows. Actually, I have sanitized (removed code) the above line of code.

Edited by Crazy Cat, 13 January 2017 - 07:39 PM.

 



#12 BustedFlush


Posted 13 January 2017 - 07:46 PM

Sure, but they'd need access to your computer, either remote or on hand, to run codes like that. Point is without that, just MAC addresses on their own can't be used in this manner, no? 



#13 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 AM

Posted 15 January 2017 - 03:41 PM

> Using javascript, or some other scripting, to run this code stealthily on your PC will give the attacker bountiful information to track you.

 

Now you know why I don't like JavaScript, and have it off most of the time and no Flash Player.

 

http://browserspy.dk/





