Quote:
Originally Posted by Stuart C
By default, Firefox asks if you wish to share your location with a website. The article mentions using Firefox. Unless he has found a way to bypass the query (which is possible), then the user would need to consent to send their location.
Still, you can always disable it: http://www.mozilla.com/en-GB/firefox/geolocation/ |
OK, so I have read a little more on this. The above was based on my reading of the BBC Article, which, it seems, is wrong in the way it describes some of the more technical aspects of the attack.
According to
El Register, the attack uses some javacript to log in to the router's web based admin site from the victim's machine. That machine retrieves the MAC of the router from the admin site and sends it elsewhere. I suspect the victim's machine sends the MAC to Google's Location Services, retrieves the location and sends that elsewhere.
I am not sure if I see this as a threat. I complained about Google's actions because Google maintain a *lot* of data tied to a Google ID, including the IP(s) used to access it. With their Street View data theft, they have the rough (to within a few metres) position of those IPs, so they may well have a fairly good idea of who, in what house, has been accessing what. Even if you don't access Google sites regularly, if you have signed into a Google site on a PC, then any sites you visit that use Google AdWords will be logged along with your Google ID.
But, your average hacker probably would not have access to that data. OK, so if you proudly boast on a social networking site that you are off out, and they have your ID on that site, then you could have a problem.