Of course, no encryption or other security was set up, which allowed me to connect to the network without problem. Speedtest revealed that I had an excellent connection, 8 MBs (or so) down, around 1 MB up. Nice. Better than what I get at home. If I had been a file sharer, I would have enjoyed that.
Free bandwidth in itself is not a terrible security risk, and providing it to the public is rather nice, actually. Even though I doubt that this was the intention of the 'provider' in question. Bruce Schneier wrote about that just the other day. He did mention that an open network is not terribly problematic, but that at least the systems on that network should be properly secured. Well, did they do that in my case here?
So, let's see what else - besides the ESSID - was left at the default setting. Maybe I could find out who was the kind donor of the bandwidth? Looking at the IP address that I had been assigned (or also just using the 'route' command) I could quickly find the IP address of the gateway router: 192.168.1.1. Well, that was difficult to guess, wasn't it?
Next on the list: Telnet to the device. It asks me for a username. Let's try 'admin'. Now for the password. Hm. How about I just leave it blank? Bingo! I'm in, with full administrative access to their router. Imagine what their surprise would have been, had I enabled encryption on their network, changed the router's password or enabled MAC filtering?
Mind you, so far I haven't used any 'hacking' tool or network security tool at all. Only telnet. I then directed my web-browser at the gateway's IP address and am rewarded with full access to the router's web-based administration interface. How convenient, indeed. In some countries they are now trying to ban software that could be used to break into networks. Does that include browsers as well?
Anyway, I digress. I still wanted to know who it was that operated the network. I clicked on the 'ADSL' (or similarly named) tab in the browser interface and - sure enough - there were the complete login details for the ADSL account. Ah, nice! I now had the ADSL user-name. Turns out that it was the hotel next door, which used its hotel name as the account name with its ADSL provider (a well known ISP in New Zealand, who shall remain nameless).
Fortunately, the browser-based interface displayed the password only as '*****', so at least that was secure? Not quite. The obfuscated display of the password field is something that's done in the browser! So, all I needed to do was hit Ctrl+U and Firefox showed me the HTML of the page. And there, of course, was also the clear-text value of the password field. Sigh...
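The masking problem described above can be checked for from the defender's side. This is an added example, not part of the original post: a Python audit that reads the HTML of an admin page you own and flags password inputs that ship a stored value in the page source. The sample page and its field names are constructed, and treating a value made only of mask characters as harmless is an assumption.

```python
from html.parser import HTMLParser

# Assumption: a value consisting only of these characters is a fixed
# dummy mask written by the firmware, not the stored secret.
MASK_CHARS = set("*\u2022\u25cf")


class PasswordFieldAudit(HTMLParser):
    """Collect <input type="password"> fields whose value is in the source."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {}
        for key, val in attrs:          # first occurrence wins, as in browsers
            a.setdefault(key, val or "")
        if a.get("type", "").strip().lower() != "password":
            return
        value = a.get("value", "")
        # Empty or mask-only values leak nothing. Anything else means the
        # browser was sent the secret and merely draws dots over it.
        if value and not set(value) <= MASK_CHARS:
            # Record name and length only, so the report holds no secret.
            self.findings.append({"name": a.get("name", "(unnamed)"),
                                  "length": len(value)})


def audit_page(html):
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample of a router settings page (not from the original post).
SAMPLE_PAGE = """
<form action="/adsl" method="post">
  <input type="text" name="ppp_user" value="example-account">
  <input type="PASSWORD" name="ppp_pass" value="constructed-secret">
  <input type="password" name="admin_pass" value="">
  <input type="password" name="wifi_key" value="********" />
</form>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE):
        print("password sent in page source:", finding)
```

Any finding means the device sends the stored password to every client that can load the page, so the remedy is on the server side: render the field empty and only accept a new value on submit.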
Now, mind you: At this point I not only have full administrative access to their router, but also full access to all their account information with their ISP. A small test revealed that I could now access their bandwidth usage information from the ISP's web-site, for example.
Even though I still had not used any special hacking tool - or actually 'broken' into anything - this was beginning to get a bit too creepy for my taste, so I left it at that. I am presently in the process of authoring an e-mail to the hotel in question, informing them of their security issues.
People, please! If you want to offer free bandwidth to your fellow humans then I really applaud that! That is very kind. Just be aware of possible snooping attacks, ARP spoofing and other things which you could be exposed to.
But at the very least - the VERY least! - please set a good password on your router! You do not want a malicious attacker to have access to that piece of equipment, lest you find yourself in a world of pain and trouble.