Try compiling this form with a wifi MAC Address and press Enter (iframe):
The source code is:
#!/usr/bin/python # Copyright (C) 2010 Kees Cook# License: GPLv3 # Find location of a MAC address via Google Location Services # http://code.google.com/p/gears/wiki/GeolocationAPI import cgi import sys, urllib2 import simplejson import pprint form = cgi.FieldStorage() if not form: print "Content-type: text/html" print "" print " Boom " print "Enter MAC address to locate:
" print 'source' print "" sys.exit(0) #try: if True: loc_req = { 'version': '1.1.0', 'request_address': True, 'address_language': 'en', 'wifi_towers': [] } bssid = form['mac'].value loc_req['wifi_towers'] += [{ 'mac_address': bssid.replace(':','-'), 'signal_strength': 1 } ] data = simplejson.JSONEncoder().encode(loc_req) output = urllib2.urlopen('https://www.google.com/loc/json', data).read() output = simplejson.loads(output) print "Content-type: text/plain" print "" pprint.pprint(output) if output['location']['accuracy'] >= 22000: print "# N.B. Accuracy of 22000 or higher seems to indicate unknown location..." else: print "Content-type: text/html" print "" print "Boom " print "Sorry, something went wrong" print ""
Think at the possibility for somebody to bruteforce Google DB and retrieve these infos.
Starting from http://standards.ieee.org/regauth/oui/oui.txt, for example, i can try 16^6 mac addresses starting from 00-18-84 to get info about FON hotspots and achieve locations in a day or less.
I think this is not illegal as this is what my GPhone actually does. PS: I have not checked against any bruteforce prevention.
Thanks to Kees Cook.
Riccardo
mmm.. la cosa non mi piace per niente..
Mark
Some similarities with:
http://www.theinternetpatrol.com/enormous-map-of-wifi-servers-including-yours-revealed-by-aol-and-skyhook-announcement/
Dave
About gears terms: You agree not to access (or attempt to access)
any of the Services by any means other than through the interface
that is provided by Google, unless you have been specifically
allowed to do so in a separate agreement with Google. See
http://gears.google.com/tos.html
Roberto
Pare abbiano anche memorizzato dei pacchetti!
http://www.pcworld.com/article/196397/googles_wifi_spying_what_were_they_thinking.html/