Categories: Breaking NewsHackingSecuritySocial Networks

Marauder’s Map allows Tracking Facebook Friends with a Chrome extension

Marauder’s Map is the name of a Chrome extension developed by Aran Khanna to simply track Facebook users using Facebook Messanger data.

A student from Cambridge, Aran Khanna, has developed a Chrome extension that allows tracking Facebook friends on map. The developer named the extension Marauder’s Map as the magical Marauder’s Map from the Harry Potter books that reveals all of Hogwarts School of Witchcraft and Wizardry.

The Chrome extension allows tracking Facebook friends by grabbing location data from Facebook Messenger with location sharing enabled and displaying their locations on a map. As explained by the developer the accuracy of that data and easiness of extracting them from the popular social network allow everybody easily track user’s friends from the messaging service.

“I wrote a Chrome extension for the Facebook Messenger page (https://www.facebook.com/messages/) that scrapes all this location data and plots it on a map. You can get this extension here and play around with it on your message data.” wrote the developer in a blog post.

The Facebook mobile app for Facebook Messenger sends out the user’s location with all messages by default and let me add that that the precision of the coordinates is impressive.

Another factor to consider it that the popular social network encourages the users of the Messenger app to share their location by enabling location sharing feature by default in the installation phase.

It is important to understand that in order to track position of a friend in Facebook it is necessary to have had a conversation with him over Messenger with location enabled.

If someone is able to involve Facebook users, not necessarily friends, in a chat he will be able to track their location.

“I found that I could even do this for people who I am not Facebook friends with. I am currently in a large active chat to organize poker games with some fellow students, many of whom I am not Facebook friends with. However, I can still track their locations extremely accurately from the messages they send the group.” said Khanna.

Another interesting discovery made by the developer is that it is possible to aggregate information from chat of different users with the same target in order to track him.

“This means that if a few people who I am chatting with separately collude and send each other the locations I share with them, they would be able to track me very accurately without me ever knowing.”

It is important to highlight that there is no flaw in Facebook Messenger because the developer has simply exploited a feature that allows users to share their locations with friends.

The extension for Chrome is available on the Chrome web store, its source code is open and available on Github.

To avoid being tracked by the extension keep your location data private by disabling location sharing feature in your Messenger. Another option is to disable Messenger location access from the phone settings.

Pierluigi Paganini

(Security Affairs – Facebook Messanger, Chrome extension location tracking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.