Your Wi-Fi Router May Be Leaking Your Home’s Physical Address to Strangers
Toggle Dark Mode
You expect some anonymity when you go online, especially when you are on social media and interact with others through usernames. According to a recent report from Tom’s Guide, you may not be as secure as you think. It is possible that people may be able to find your physical address thanks to your home’s wireless router.
Researchers Rob Beverly and Erik Rye discovered that routers are leaking information that makes it easy for others to find your physical address. Beverly and Rye presented their findings at the recent Black Hat information security conference.
Many routers, especially those that are leased by consumers through their internet service providers, are leaking their MAC address, a unique hardware ID number.
These hardware ID numbers then can be located on publicly available maps. These Wi-Fi maps show the location of Wi-Fi networks on a street-level basis.
With the right tool, an angry commenter can uncover the MAC address of your router and then find your router’s location on a map.
This vulnerability emerged 20 years ago when technology companies applied a fix to most routers, claims Tom’s Guide. This fix caused routers to leak their MAC address, but this vulnerability was never closed. Companies continued to add new features and patch other more severe vulnerabilities but moved on from this leaking MAC address problem.
A large number of routers in the wild use legacy IPv6 addressing that permits the recipient to very precisely locate that router physically.”
Rob Beverly and Erik Rye
The researchers became aware of this flaw and created a tool called IPvSeeYou that looks for IP addresses that may expose a router’s MAC address. Once found, the tool then tries to match the router’s MAC address to a public database. The pair found more than 60 million routers that were revealing their unique hardware IDs. Of that group, 12 million routers were able to be geolocated using public Wi-Fi information.
Not only do these routers leak their unique hardware IDs, but they also make it easy for people to find nearby routers that use the same ISP. “Simply living near [these exposed] routers is a privacy threat,” the researchers said in their BlackHat presentation.
What You Can Do
According to Tom’s Guide, there is an easy fix to this issue. This vulnerability only happens in combination units, often called a home gateway, that includes both a router and a modem. Most of these home gateways are supplied to consumers by their ISP.
If you have a separate modem and a router, you do not need to worry about this problem. If you have a combo modem and router, you simply can disable IPv6 within the router’s settings. You may have to find a user manual or contact your ISP to find out how to change this setting. If your ISP is unable to help, you may have to purchase your own router and use the ISP’s home gateway only as a modem.