How to look up the GPS location of your MAC address or car on the Internet

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
If you know the MAC address of your equipment (e.g., automotive WiFi  
beacons), and the MAC address of someone else's equipment, how can you look  
up *where* your phone currently is?

I know that a public free easily accessible Google API maintains that  
information, where if you know the MAC address of the person you're trying  
to track, you can find out instantly if two MAC addresses are near each  
other from anywhere in the world:
https://developers.google.com/maps/documentation/geolocation/intro

For the Google lookup, the only *mandatory* parameters are:
1. MAC ADDRESS #1
2. MAC ADDRESS #2
3. A fabricated signal-strength value

However, there must be *other* MAC-address GPS-location lookup engines on  
the net, for example, you can track vehicle beacons here:
https://wigle.net

Do you know of other MAC address location lookup engines?




  

Re: How to look up the GPS location of your MAC address or car on the Internet
Quoted text here. Click to load it

You cannot. There is no necessary relationship between IP addresses and
location. Now often there is some rough correlation, but that is all you
can do.  

Quoted text here. Click to load it

Nope.


     Except for fun, I would not rely on it.  
As a trivial example, lets say I run a VPN from Vancouver to Italy. My
IP will probably be an Italian one as far as the world is concerned. My
computer however is in Vancouver.  

Quoted text here. Click to load it

Re: How to look up the GPS location of your MAC address or car on the Internet
On Wed, 14 Sep 2016 00:24:59 -0000 (UTC), William Unruh wrote:

Quoted text here. Click to load it

I realize you're trying to help, so I will just try to be gentle at the
same time I'm trying to be blunt (you can do the same with me).

Nobody said anything about IP addresses.
And the *location* is inside of Google's database.

What I'm trying to understand is how the system works.
And then I'm trying to see if there is a *vulnerability* in the system.

I'm not a hacker (as a hacker would have far more technical acumen and a
hacker wouldn't be asking about a vulnerability on the net like this).

What I see is a *vulnerability* but you're *never* gonna see that
vulnerability if you keep talking about IP addresses!

Quoted text here. Click to load it

I realize you're trying to help, but just saying "Nope" wastes *everyone's*
time, including yours and mine - but mostly other people have to read me
responding to you, which, if all you say is "Nope" means you don't have a
clue what you're talking about.

It's a *fact* that you can query Google's database to find the *location*
of a BSSID. Google implemented a (IMHO weak) "security" system by requiring
*two* BSSIDs.

It's this weak security that I'm searching for the vulnerability of.

It's a *fact* that you only need three things to get a GPS location out of
the Google database:
1. BSSID 1
2. BSSID 2 (added as a weak security feature!)
3. Signal Strength

Do you dispute *that* fact?

Quoted text here. Click to load it

That's not at all the point!
I am probing a perceived privacy vulnerability in the Google system.
I am doing this not to take advantage of that perceived vulnerability, but
to better *understand* that privacy vulnerability.

Specifically, with the facts known, "if" your cellphone does broadcast an
SSID, then your cellphone *can* be tracked.

Do you dispute that statement (which I have backed up in gory detail
already)?

Why or why not?
  
Quoted text here. Click to load it

*[Where is Jeff LIebermann when we need him?]*


What on earth does this question have to do with IP addresses?

I realize you're trying to help - but what you're doing is *jumping* to
conclusions that *nobody* else is talking about.

VPN has *nothing* whatsoever to do with this problem.
The entire Internet has (almost) nothing whatsoever to do with this
problem.

The *only* way the Internet is even involved is that your neighbor's
cellphone is *sending* your SSID & MAC & GPS location & Signal Strength
(etc) of your router *over* the Internet to Google.

So the IP address (and VPN) is completely irrelevant to this question.

Quoted text here. Click to load it

This question has absolutely nothing to do with IP addresses and VPNs.
Where did you get the idea that the question had *anything* to do with the
Internet?
I'm sorry if I'm being too blunt, but I'm focused on getting the answer to
a *simple* question.

Q: When does an Android cellphone broadcast an SSID?

NOTE: The SSID has nothing to do with the question but people get all hung
up if I ask the question this way:

Q: When does an Android cellphone broadcast a BSSID?

Re: How to look up the GPS location of your MAC address or car on the Internet
I assume you're referring to things like:

http://arstechnica.com/information-technology/2014/11/where-have-you-been-your-smartphones-wi-fi-is-telling-everyone/

http://www.zdnet.com/article/how-google-and-everyone-else-gets-wi-fi-location-data/

http://www.theregister.co.uk/2011/04/22/google_android_privacy_concerns/

and the like.  (I Googled for "Android, cellphone, collecting router
SSID, location, privacy" and got those and many other articles.)

There's two broad categories: whether there are risks to the person
carrying the cellphone and whether there are risks to the people around
them operating a wireless router.

It looks to me like you are NOT talking about risks to the wireless
router owners.  You're asking about locating a cellphone owner, so I'll
focus on that.

There were several ideas floating around a few years ago, as I recall.

* In NYC skyscrapers and the like, there are situations where knowing
  more than just the street address might be useful.  If the building
  has wireless routers, and if their locations are known, then it
  becomes possible to estimate which floor one is on from which router
  signals one hears and how strongly.

* IIRC (and I might not be), there was talk of whether it would be
  practical to gradually replace expensive cellphone towers with large
  numbers of cheap WiFi access points for cellphones (femto access
  points, I think I've heard them called).  Doing so would also help
  pinpoint the cellphone's location more accurately than is possible
  with the big cellphone towers, since the range of any particular
  femto-cell would be small.  Cellphones able to switch between
  cellphone mode and WiFi mode on the fly, or even just use WiFi for
  data, might also reduce TelCo-metered usage.

You speak about getting a location via Google even though you enter a
fake signal strength.  I don't see how that can work.  If you say a
signal is really strong, that indicates you're close.  If you say the
signal is weak, you're further away.  Choose any combination of places
around the world and make up whatever signal strengths you like, and you
probably can get a result anywhere on Earth, even if those numbers are
impossible in practice.

If I have a wireless router in Google's database, and you submit
something that says you hear my router (at all), I would think it'll say
you're somewhere near me, even if you aren't.  As you enter more
numbers, you can triangulate a position, but if you're making up
numbers, the answers wouldn't be meaningful.


A few specific points:

Quoted text here. Click to load it

(B)SSID aside, all cellphones are tracked to the level of "nearest
cellphone tower" whenever they're on.  If they're within range of more
than one tower, the range of possible locations is greatly reduced.

Quoted text here. Click to load it

Huh?  The wireless routers I've configured allow changing of their MAC
addresses, often during the initial setup/configuration.  (See DD-WRT,
ifconfig options wlanbssid #id and wlanaddr #addr (the latter sets the
WLAN local MAC address).  Regarding some other options, 'man ifconfig'
says "Note that this feature does not significantly enhance security as
MAC address spoofing is easy to do.")

There once was a company that manufactured Ethernet devices that all had
the same MAC address.  When customers discovered that, they got upset.
The manufacturer changed to providing unique addresses (I think).  While
customers could change the MAC address, they didn't have enough
information to ensure the address they chose was unique, as the
manufacturers do.

OTOH, if you meant cellphone instead of router, I'd mostly agree:
cellphone handsets are intended to have unique IDs.  However, I'm not
sure whether that's the same as the MAC address the cellphone would use
to connect to a WiFi hotspot (but maybe it is).

Whether it's changeable or not doesn't really matter: once a router has
been configured, its MAC addresses are rarely changed (short of
replacing the router), so once SSID X has been heard transmitting at
location Y, the X,Y pair should be valid for some time.  [I can also
think of ways to handle the case of duplicate MAC addresses (except when
the duplicates are operating so close to each other that one can be in
both of their signal areas at the same time).]

Fortunately, they're irrelevant to the question of whether Google's
database can be used by someone remotely to locate a cellphone user in
the absence of actual signal information.  I don't see an obvious way to
do that.  There's also the method of accessing the cellphone's own
recorded location history file (see articles), but that doesn't involve
Google.

Have I completely missed the point?
 -WBE

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it


Google added the need for the *second* BSSID for security reasons, so that
you'd actually have to know *both* BSSIDs in order to do a lookup.

Of course, if you're *at* the location, you can *easily* obtain two BSSIDs
and their relative signal strength, so that's why Google gives any app that
asks, the GPS coordinates if you give the Google database three things:
1. BSSID 1
2. BSSID 2
3. Signal Strength

Again, if you are actually at that point, then it would be trivial for you
to have the BSSIDs, and the signal strength.

However, if you're faking it, then you have to fake the signal strength.

The way to fake the signal strength is to give both BSSIDs the same (or
similar) signal strength. (That means they're together.)

That way, you're talling Google that *you see* both access points together.

One of two things will happen, if I understand the "system" (and assuming
the hubby's ios or Android cellphone is one of the access points and the
other access point is the Starbucks nearest his girlfriend):

a. If the two access points *are* together, then Google will gladly report
back the GPS coordinates. BINGO! That's your test that hubby is at the
Starbucks over by his girlfriend's home!

b. If the two access points are *not* together, then Google will NOT report
back the GPS coordinates.

Pretty simple if you ask me.
This only works though, if the iOS or Android cellphone is being betrayed
by other poorly configured Android devices.

So that's why I ask under what circumstances does an iOS or Android
cellphone get its SSID/BSSID/SS and GPS position reported to the Google
database?

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it

I'm *not* asking about cellphone triangulation.
That's totally different.

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it

I am only talking about cellphones, and their MAC addresses of their 2.4GHz
and 5GHz radios, but in the case of cloning, nobody understands what Jeff
Liebermann understands.

The MAC address you *want* to clone to keep it out of Google's database
can't be easily cloned. Jeff and I am sure you can go through heroics, but
it would be easier to buy a dozen routers a year and just replace them each
month than it would be to try to change the MAC address of the radio that
is broadcasting the SSID.

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it

Everyone on the planet knows that you can clone *one of* the router's MAC
addresses. But that's the *wrong* MAC address.

Look in the record for alt.internet.wireless for example:
 http://tinyurl.com/alt-internet-wireless

I think this is the thread, but it doesn't matter because you can't clone
the MAC address you *want* to clone for *this* purpose!
https://groups.google.com/forum /#!topic/alt.internet.wireless/-PK03bCEheM[1-25]

Here is what Jeff Liebermann said in that thread:
Cloning the router's mac address can't work.
Using the router feature of MAC address cloning or
changing only changed the MAC address for the WAN (internet) port.
That's useful for the few remaining ISP's that authenticate by MAC
address, but not really a good privacy measure.  The MAC addresses for
the LAN side, including the wireless, remains unchanged.  Since Google
wants the LAN MAC address for their directory of wi-fi devices, you're
stuck with the MAC address delivered by your wireless router vendor.

The only way I can currently think of changing the wi-fi MAC address
is to plug a wireless card into a PC or SBC (single board computah),
set it up to act as an access point, and change the MAC address in
Linux.  
<https://wiki.archlinux.org/index.php/software_access_point
I haven't tried this.  

Re: How to look up the GPS location of your MAC address or car on the Internet
On Sat, 17 Sep 2016 01:59:36 -0000 (UTC), Horace Algier

Quoted text here. Click to load it

Notice that I said router, not client radio, access point, or some
unspecified software running on your unspecified smartphone.  The
"hardware clone" feature found in consumer router firmware only
changes the WAN port MAC address.  The LAN ports (including Wi-Fi) are
unaccessible by mere mortals.  Like a PC or laptop allows anyone to
change the MAC address of its ethernet port or wireless device, you
can change the MAC address of a software based smartphone access point
if you have root access.

However, that's for a normal router that hasn't been hacked or has had
the firmware replaced.  If you have root and shell access, you can
just use ifconfig to change the MAC address of any addressable port.
For example, in DD-WRT:
  ifconfig wlan0 down
  ifconfig wlan0 hw ether 11:22:33:44:55:66
  ifconfig wlan0 up

That's also for a normal non-rooted smartphone.  If you root it, you
can again use ifconfig to change the MAC address of any port.
<http://www.gohacking.com/spoof-mac-address-on-android-phones/

If you want to drive Google partly nuts, just change your smartphone
wi-fi MAC address at irregular intervals.  That won't stop them from
tracking you by some of the other stuff they are harvesting from your
phone, but it's a good start.

Gotta stop typing for a day.  I tried to start a chain saw today and
now right wrist is swollen.

--  
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: How to look up the GPS location of your MAC address or car on the Internet
On Fri, 16 Sep 2016 22:22:51 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Hi Jeff,
I do remember almost everything that you've ever said, that I understood.

And, while most people *think* you can clone the LAN ports "of the router",
it's not so easy (as you are explaining). Basically, for "our" purposes,
changing the WiFi (2.4GHz or 5GHz) Access Point MAC address can't easily be
done on a typical home router even though you are "admin" on that router.

I have no idea if *that* restriction applies to a *cell phone* so I will
read on ...

Quoted text here. Click to load it

Ooooooh.... this is new. Interesting too... Please do go on...  

Quoted text here. Click to load it

Ok. Fair enough. So you're saying that the Access Point (5Ghz and 2.4GHz)
MAC address is not easy to change on a router that doesn't have the
firmware replaced with custom softwqare.

Quoted text here. Click to load it

I do this on Linux daily (I have a script) - so - are you saying that if
you had root access to an iOS or Android cellhone or if you have "special"
more-than-root access on a router, that you *can* easily change the MAC
address that is associated with the cellphone's SSID access point?

Quoted text here. Click to load it

OK. SO is this the summary?
1. ROUTER
a. You have root access on the router, but you still can't change the
Access Point MAC address on most consumer router firmware
b. However, if you load *special* router firmware, you *can* change the
Access Point MAC address <=== Is that what you're saying?

2. CELLPHONE
a. You do not have root access on either an iOS or Android cellphone unless
you jailbrake or root it, so you can't change the MAC address of the access
point of a non-rooted (aka non jailbroken) iOS or Android device.
b. However, if you jailbreak (or root) the iOS or Android device, you *can*
change the access point MAC address (which is what Google harvests).
  
Quoted text here. Click to load it

We already know there is one way to prevent them from *harvesting* an
access point MAC address - and there is another (different) way to prevent
Google from *saving* your harvested access point MAC address - and there is
yet another way to (do something) with respect to Microsoft harvesting of
your access point MAC address:

1. If you *hide* the access point SSID broadcast, poorly configured Android
devices will *not* send your access point MAC address to Google.
2. If you append *_nomac* to the end of your access point SSID, then Google
promises to remove your access point from their database.
3. If you insert "_optout", then Microsoft will leave you alone (somehow)

Quoted text here. Click to load it

Ouch. I use a chain saw a *lot* as I create paths that go for miles and
miles and miles, so I have to cut a lot of dead wood to clear it away. My
Stihl is pretty good about starting up, but still - it's a pull on the
wrist.

Please heal. We need your acumen on her, as there's precious little to go
around.

Looking at the reference for spoofing the MAC on Android & iOS, it seems
these are the requirements for Spoofing the Access Point MAC Address:
a. Rooted Android Phone
b. BusyBox app installed on your phone
c. Once BusyBox is installed, you need to install Terminal app

Here's how to do it manually (according to that reference):
$ su  
$ busybox iplink show eth0  
(This will show your current MAC address, just for your confirmation)
$ busybox ifconfig eth0 hw ether DE:AD:BE:EF:CA:FE  

You have now spoofed your MAC address successfully. To check for the change
enter the following command again:
$ busybox iplink show eth0  

Here are two apps that do it for you (according to Google Play):

Wifi Mac Changer by Osama Abukmail  
https://play.google.com/store/apps/details?id=com.wireless.macchanger&hl=en

MacMan by Maxters  
https://play.google.com/store/apps/details?id=net.maxters.droid.macman&hl=en

Do you think the process to spoof the Access Point MAC address is similar
for jailbroken iOS phones?

Re: How to look up the GPS location of your MAC address or car on the Internet
On Sat, 17 Sep 2016 06:17:39 +0000 (UTC), Horace Algier wrote:

Quoted text here. Click to load it

Googling, it seems the iOS process is (far) more complex than is Android
for spoofing the MAC address of the access point (because Apple keeps
breaking it with every new OS release, apparently).

So, in essence, you can't spoof the access point MAC address on any recent
iOS version...
https://gist.github.com/pwnsdx/b39e961b6d719bd2aab0

But, if you try, these are the minimum requirements:
a. A jailbroken iOS device
b. MobileTerminal package or any SSH terminal to execute commands on the
iOS device
c. developer-cmds & network-cmds packages (available on Cydia).

But the problem is that Apple prevents you from doing this (as Apple
prevents you from doing most things you can do on all other platforms).

Details here:
http://best-mac-tips.com/2014/08/14/changing-your-mac-address-on-ios-iphone-ipad/
Where the author concludes:  
 "So, my best-mac-tip when it comes to spoofing your MAC address on an iOS

customisation) is just one of the many reasons why I use Android phones and
tablets."

Re: How to look up the GPS location of your MAC address or car on the Internet

Quoted text here. Click to load it

apple doesn't break stuff with every new release.  

nevertheless, ios has had mac address randomization built into the os
since ios 8, which occurs in some situations (it can't be all for
obvious reasons that you probably don't understand).

you've been told this before and you continue to ignore it so you can
lie.

<http://photos.appleinsidercdn.com/gallery/9525-1286-BpmmSGjIUAA34adpng-
large-l.png>

Re: How to look up the GPS location of your MAC address or car on the Internet
nospam wrote:

Quoted text here. Click to load it

It does. I have 2 apple machines myself. And I know several apple users who  
are afraid of updating the OS. Because they have made the experience that  
all too often something does not work anymore

Re: How to look up the GPS location of your MAC address or car on the Internet


Quoted text here. Click to load it

it doesn't. i have more than 2 and the issues are both minor and rare.
nothing is perfect so it will never be zero.

the above troll is referring to functionality offered via jailbreaking,
which is not supported in the first place, so it's no surprise it
changes.

meanwhile, look no further than microsoft's anniversary update for
breaking things.

Re: How to look up the GPS location of your MAC address or car on the Internet
On Sat, 17 Sep 2016 10:08:20 -0400, nospam wrote:

Quoted text here. Click to load it

This is an interesting paper...
http://papers.mathyvanhoef.com/asiaccs2016.pdf

Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network
Discovery Mechanisms

"We present two attacks that reveal the real MAC address of a device, even
if MAC address randomization is used.

In the first one, we create fake hot spots to induce clients to connect
using their real MAC address.  The second technique relies on the new
802.11u standard, commonly referred to as Hotspot 2.0, where we show that
Linux and Windows send Access Network Query Protocol (ANQP) requests using
their real MAC address. ...  

We show that *all* implementations of MAC address randomization fail to
provide adequate privacy."

Re: How to look up the GPS location of your MAC address or car on the Internet
On Sun, 18 Sep 2016 03:43:26 +0000 (UTC), Horace Algier wrote:

Quoted text here. Click to load it

It's interesting that all the operating systems implement the MAC address
reandomization differently ... as outlined in that paper ...  

2.1.1 iOS
Apple added MAC address randomization to its devices
starting from iOS 8 [42]. In iOS 8, randomized addresses are
only used while unassociated and in sleep mode [18]. iOS 9
was extended to also use randomization in what Apples calls
location and auto-join scans [42]. Based on our own experiments,
this means that randomization is now also used when
the device is active, i.e., when the screen is turned on.

2.1.2 Android
Android 6.0 uses randomization for background scans if
the driver and hardware support it [2]. Unfortunately, we
did not have a device to test and verify this in practice.
Although Android versions before 6.0 do not support randomization,
several applications supporting this feature have
been released [9, 3]. Common features of those applications
are a periodical update of the MAC address to a random
value, but also the manual modi cation of this address by
the user. Note that those applications require root privilege
to operate, which reduce their impact for the average user.

2.1.4 Linux
Linux added support forMAC address randomization during
network scans in kernel version 3.18. The address should
be randomized for each scan iteration [24]. Drivers must be
updated to support this feature. The mvm module of the
iwlwifi driver supports randomization since kernel 3.18.
The brcmfmac driver added support for this in kernel 4.5.
The privacy-oriented Linux distribution Tails [1] does not
support MAC address randomization during network scans.
Instead, it generates a (new) random MAC address at boot.
This random address keeps the  rst 3 bytes of the original
address, the Organization Unique Identi er (OUI), and
only randomizes the last three bytes. While not as optimal
as periodical address changes, it does prevent tracking over
extended periods of time.

2.1.3 Windows
Microsoft supports randomization since Windows 10 [45].
Enabling randomization is possible if the hardware and driver
support it. Interestingly, not only does Windows use random
addresses for probe requests, it also uses a random address
when connecting to a network. To assure the client always
uses the same address when connecting to a particular network,
a per-network address is calculated as follows [27, 28]:
addr = SHA-256(SSID; macaddr; connId; secret)[:6] (1)
Here SSID is the name of the network, macaddr the original
MAC address, and connId a parameter that changes
if the user removes (and re-adds) the network to its preferred
network list. The secret parameter is a 256-bits cryptographic
random number generated during system initialization,
unique per interface, and kept the same across reboots
[28]. Bits in the most signi cant byte of addr are set
so it becomes a locally administered, unicast address. This
hash construction is similar to the generation of IPv6 interface
identi ers as proposed in RFC 7217 [21]. It assures that
systems relying on  xed MAC addresses continue to work as
expected, e.g., when authentication is performed based on
the MAC address. Users can also manually instruct the OS
to daily update the per-network address randomly.

Re: How to look up the GPS location of your MAC address or car on the Internet
On Sun, 18 Sep 2016 03:49:37 +0000 (UTC), Horace Algier wrote:

Quoted text here. Click to load it

The cut and paste from PDF to newsagent went awry, so I'll use VIM instead
for the cut and paste from PDF ...  

http://papers.mathyvanhoef.com/asiaccs2016.pdf

2.1.4 Linux
Linux added support forMAC address randomization during
network scans in kernel version 3.18. The address should
be randomized for each scan iteration [24]. Drivers must be
updated to support this feature. The mvm module of the
iwlwifi driver supports randomization since kernel 3.18.
The brcmfmac driver added support for this in kernel 4.5.
The privacy-oriented Linux distribution Tails [1] does not
support MAC address randomization during network scans.
Instead, it generates a (new) random MAC address at boot.
This random address keeps the first 3 bytes of the original
address, the Organization Unique Identier (OUI), and
only randomizes the last three bytes. While not as optimal
as periodical address changes, it does prevent tracking over
extended periods of time

2.1.2 Android
Android 6.0 uses randomization for background scans if
the driver and hardware support it [2]. Unfortunately, we
did not have a device to test and verify this in practice.
Although Android versions before 6.0 do not support randomization,
several applications supporting this feature have
been released [9, 3]. Common features of those applications
are a periodical update of the MAC address to a random
value, but also the manual modification of this address by
the user. Note that those applications require root privilege
to operate, which reduce their impact for the average user.

2.1.1 iOS
Apple added MAC address randomization to its devices
starting from iOS 8 [42]. In iOS 8, randomized addresses are
only used while unassociated and in sleep mode [18]. iOS 9
was extended to also use randomization in what Apples calls
location and auto-join scans [42]. Based on our own experiments,
this means that randomization is now also used when
the device is active, i.e., when the screen is turned on.

2.1.3 Windows
Microsoft supports randomization since Windows 10 [45].
Enabling randomization is possible if the hardware and driver
support it. Interestingly, not only does Windows use random
addresses for probe requests, it also uses a random address
when connecting to a network. To assure the client always
uses the same address when connecting to a particular network,
a per-network address is calculated as follows [27, 28]:
addr = SHA-256(SSID; macaddr; connId; secret)[:6] (1)
Here SSID is the name of the network, macaddr the original
MAC address, and connId a parameter that changes
if the user removes (and re-adds) the network to its preferred
network list. The secret parameter is a 256-bits cryptographic
random number generated during system initialization,
unique per interface, and kept the same across reboots
[28]. Bits in the most significant byte of addr are set
so it becomes a locally administered, unicast address. This
hash construction is similar to the generation of IPv6 interface
identifiers as proposed in RFC 7217 [21]. It assures that
systems relying on fixed MAC addresses continue to work as
expected, e.g., when authentication is performed based on
the MAC address. Users can also manually instruct the OS
to daily update the per-network address randomly

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it

While you're correct, the only risk I'm looking at is how to *abuse* the  
Google Public API database in order to *track* the *current* location of a  
cellphone whose BSSID (aka MAC address is known to you) and where you also  
know the BSSID of the AP of, say, the local Starbucks.

The Google API (as a "security" measure) requires *two* MAC addresses  
before it will spit out the GPS location of *both*.

So, if you *think* the cellphone is at Starbucks, and if you know both MAC  
addresses, you can *prove* the cellphone is at Starbucks.

That's all I'm asking about.

When does a cellphone's MAC address & Location & SSID & GPS coordinates get  
captured into the Google Public Database?

That is the question!

Re: How to look up the GPS location of your MAC address or car on the Internet
On Thu, 15 Sep 2016 01:04:30 -0400, Winston wrote:

Quoted text here. Click to load it

THANK YOU WINSTON FOR UNDERSTANDING WHAT THIS THREAD IS ABOUT!
(sorry for shouting)
I'm just so happy that not only Jeff, but someone else also understands
what this thread is asking!

Also, thank you Winston for looking up the issue so that we could talk
about the topic of the thread.

Yes. You are correct.
This is a problem on both Android & iOS phones.

Looking at each of the three articles, here's a quick summary review:






improved accuracy.

2. How Google--and everyone else--gets Wi-Fi location data
Google doesn't use StreetView cars to pick up Wi-Fi location data any more.
They use your smartphones and tablets instead.
Eitan Bencuya, a Google spokesperson, tells me that Google no longer uses
StreetView cars to collect location information. So, how does Google
collect Wi-Fi location data? They use you.

Or, to be more exact, they use your Android phone or tablet. But, it's not
just Google. Apple and Microsoft do the same thing with their smartphones
and tablets.  

3. Google location tracking can invade privacy, hackers say
Unique IDs + router addresses = potential abuse
In October, Google pledged to stop using its world-roving Street View
vehicles to collect Wi-Fi data and said it instead would rely on Android
handsets to get the information. When phones running the Google OS detect
any wireless network, they beam its MAC address, signal strength and GPS
coordinates to Google servers, along with the unique ID of the handset.

Unfortunately, the lookup that was at that web site says Google disabled
the web site (but the lookup still works from the Google API):
http://samy.pl/androidmap/

Notice though, that this web site says:
  "android map exposes the data that Google has been collecting from
virtually all Android devices and street view cars, using them essentially
as global wardriving machines. You can use this tool to accurately locate
virtually any router in the world, as well as position *iPhones* and
*Android phones.*

So notice that all I'm asking is for more information about that last
sentence:
 -  You can use [query the Google Public Database] to accurately locate
...the position of *iPhones* and *Android phones.*

Re: How to look up the GPS location of your MAC address or car on the Internet
Quoted text here. Click to load it

Oh, what the hell.  I'll give it a try.

In the following I tend to intersperse WAN and LAN as well as BSSID and
MAC.  The basic underlying concepts work in both environments (with some
fudging).

SSID has nothing to do with cellphones.  It has to do with wifi only.
The same is true for BSSID.

SSID is just a name.  There could be thousands of wifi access points
around the world with the same SSID.

A wifi access point consists of one or more radios to create a WAN.
Each radio is a BSS with a BSSID, which is also known as a MAC.  Each
network device/radio has (by design, but not always in fact) a unique
value for the MAC.

A device wishing to connect to a wifi access point looks for a broadcast
wifi packet with a particular SSID in the data field of the packet.  The
header to the packet contains the BSSID/MAC of the access point in
source field.  To connect to the access point the device sends a packet
back to the sender of the broadcast by putting the access point's BSSID
in the destination field of the packet and its own MAC in the source
field.  The rest of the connection protocol is left as an exercise for
the reader.

Until things get handed over to (presumably) DHCP there is no way to
communicate other than the use of MAC addresses in the appropriate
fields of the LAN packets.  Strictly speaking, even after an IP address
is assigned to the device, all communications on the LAN/WAN is still
through the use of BSSID/MAC.  It is only after a packet is recieved by
the router that higher levels of network communications kick in and a
packet will be repackaged with the necessary outer packet to make its
way to the internet.

So, "Q: When does an Android cellphone broadcast an SSID?"

A: Keying on the use of the word "broadcast" and ignoring the use of the
   word "cellphone" because it doesn't apply, only when it is acting as
   its own access point/hot-spot for other devices.  After all, an SSID
   is only a name.

And, "Q: When does an Android cellphone broadcast a BSSID?"

A: Again, keying on the use of the word "broadcast" and ignoring the
   word "cellphone" the answer is the same as for the previous question.
   However, as mentioned earlier, the MAC/BSSID is used in every packet
   that is sent back and forth with the access point, but is strictly
   usable only within the geographic area that the radio signals reach,
   which is pretty much limited to line of sight communications and for
   which walls are only semi-transparent at those frequencies.

Now, with all that said, there is in theory nothing to stop any program
running as part of the wifi access point or within the connecting device
to query its own networking internals to grab its own MAC address or the
MAC address of devices it is communicating with and send that info out
onto the internet to some recipient along with info from its own GPS, if
available.

So, while it is not part of the normal protocols to reveal that
information it is not inconceivable that some user level program could
be doing the nasty deed.

Furthermore, all of this is at best fleeting information because a
network device's MAC address is held in ROM on the device.  The network
software in a device reads the ROM to get the MAC, but is in no way
required to use that address when constructing packets that will go out
the device.  The device itself *DOES NOT* insert the address into the
outgoing packets.  That is all handled by software.  Therefore it is
trivial for the software to use whatever MAC address it wants for its
outgoing packets.  This is in fact how DECnet used to work, the two high
order bytes of the MAC were changed to reflect the fact that a packet
was a DECnet packet.

As was said before, just flip a few bits and you could suddenly appear
to be on the other side of the planet.

Whew!

Now, what has been left out?  Oh yes, the cellphone network.  How data
is sent over the cellphone network is probably off topic for most of the
newsgroups listed above.  Therefore, I suggest you redirect your
queries/confusions to more appropriate groups.

Bruce             .

--  


Site Timeline