Are public wireless networks (Wi-Fi) dangerous for the protection of our privacy? Those who work with technology know the answer. What they do not know is that a hacker from Israel demonstrated how easily he could take over the free Wi-Fi network of an entire city.
One day, on his way home from work, Amihai Neiderman, head of the research team at the Israeli company Equus Technologies, found a wireless hotspot he had never seen before. It was unusual because it was in an area that had no buildings.
It turned out that the Wi-Fi hotspot was called "FREE_TLV" and was part of the city's free wireless network, set up by the Tel Aviv local government.
Neiderman wondered: How safe is it?
Over the next few weeks, he attempted to hack the network in his spare time. He first connected to the network through one of the access points that existed throughout the city to check what its IP (Internet Protocol) address was. This is usually a public address assigned to the router through which anyone who wants to use the Wi-Fi accesses the internet.
He then disconnected and started scanning the IP address for open ports. This is how he discovered that the web-based login interface was on port 443 (HTTPS).
When he tried to log in from his browser, the device manufacturer's name (Peplink) appeared, without any other information about the type of device or model. An analysis of the web interface did not reveal vulnerabilities, such as an SQL injection, that could give him access.
The researcher realized that a more in-depth analysis was needed to discover the real firmware of the device.
Identifying the device in order to find the exact firmware was not an easy task. Peplink manufactures and sells many kinds of devices for various network services. However, he thought of downloading version 5 of the firmware for the Peplink Balance 380, a high-end load balancing router.
The firmware used basic XOR encryption to make it more difficult for third parties to reverse engineer the firmware file system, but circumventing it was relatively easy. Immediately afterwards, Neiderman loaded the unpacked components into an emulator and was thus able to access the CGI (Common Gateway Interface) scripts that make up the router's web interface.
It did not take long for the researcher to discover a buffer overflow vulnerability in the CGI script that handles the log-out process. The flaw could be exploited by sending a long session cookie to the script, giving an attacker full control over the device.
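The following is an added example, not Peplink's code and not part of the original article: a CGI-side routine that measures the session cookie before copying it and rejects an over-long value, which is the check a log-out handler needs to avoid the class of overflow described above. The cookie name `sid`, the 64-character limit and the function name `get_session_id` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SESSION_MAX 64  /* assumed maximum session-id length (hypothetical) */
enum { SID_OK = 0, SID_MISSING = -1, SID_TOO_LONG = -2, SID_BAD_CHAR = -3 };

/*
 * Copy the value of cookie `name` from a Cookie header into out[out_sz].
 * The value is measured before it is copied; one that does not fit, or that
 * contains anything but letters and digits, is rejected rather than truncated.
 */
int get_session_id(const char *hdr, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name);
    if (out_sz == 0) return SID_TOO_LONG;
    out[0] = '\0';
    if (hdr == NULL) return SID_MISSING;

    for (const char *p = hdr; *p; ) {
        while (*p == ' ' || *p == ';') p++;            /* skip separators */
        const char *end = strchr(p, ';');              /* end of this pair */
        if (!end) end = p + strlen(p);
        if ((size_t)(end - p) > nlen && strncmp(p, name, nlen) == 0
            && p[nlen] == '=') {
            const char *val = p + nlen + 1;
            size_t vlen = (size_t)(end - val);
            if (vlen == 0) return SID_MISSING;
            if (vlen >= out_sz) return SID_TOO_LONG;   /* keep room for NUL */
            for (size_t i = 0; i < vlen; i++)
                if (!isalnum((unsigned char)val[i])) return SID_BAD_CHAR;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return SID_OK;
        }
        p = end;
    }
    return SID_MISSING;
}

int main(void)
{
    char sid[SESSION_MAX + 1];
    /* HTTP_COOKIE is the standard CGI variable holding the Cookie header. */
    int rc = get_session_id(getenv("HTTP_COOKIE"), "sid", sid, sizeof sid);
    printf("Status: %s\r\n\r\n", rc == SID_OK ? "200 OK" : "400 Bad Request");
    return rc == SID_OK ? 0 : 1;
}
```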
Neiderman presented his findings Thursday at the DefCamp security conference in Bucharest. Of course, he declined to say whether he actually broke into the Peplink Balance routers used for Tel Aviv's free Wi-Fi network, because of the legal problem involved.
However, when he reported the flaw to Peplink, the company confirmed the vulnerability and upgraded the firmware.
Vulnerabilities in routers are not unusual. But this case stands out because it shows that a skilled hacker could attack thousands or tens of thousands of users connected to large public Wi-Fi networks.