On 2014-07-09 12:29, [email protected] wrote: > On Wednesday, July 9, 2014 5:13:22 PM UTC+2, Wesley Hardman wrote: >> How would you be able to enforce a bounding box with an offline copy of the >> database? > > By hashing the BSSID together with latitude and longitude (basically the > position of the bounding box in a grid). The database would be a three-column > table of the hash, latitude and longitude. It would still be possible to look > up a location and determine if there are any WiFis in the immediate vicinity. > But in order to answer the question "where is the WiFi with this particular > BSSID", you would need to know its approximate location. > >> Even if you *could* enforce it, it wouldn't take long to search over the >> entire earth with a script. > > What exactly is your "use case" for the attack? Any use case really. The whole issue with downloading the database is about privacy. > > Taking the "where is the WiFi with this particular BSSID" example but > assuming the attacker has little information about its location, in order to > brute-force the hash one would need to try each and every possible bounding > box. Staying with the 1×1km box size, the number of hashes to calculate would > amount to: Assuming the BSSID is still in NA, it would take about 3 minutes. An hour to find it anywhere in the world.
I could also quite easily find specific APs in an area. For example: Say Linksys routers are vulnerable to an exploit, I can fairly easily find how many are in a given area, and get the latitude and longitude from it. > > 500 million: entire earth surface, including oceans > 150 million: landmass only > 44 million: Asia > 30 million: Africa > 25 million: North America > 18 million: South America > 10 million: Europe > 9 million: Australia > _______________________________________________ dev-geolocation mailing list [email protected] https://lists.mozilla.org/listinfo/dev-geolocation
