What most people don’t stop to think about is: how safe is the network that I just connected to and checked my bank account on? In far too many cases, these networks are barely configured and are just there to grab customers who normally go to the coffee shop across the street.
Here is a scenario that I ran across recently. I was stuck doing laundry at the local Laundromat, and I was bored watching the clothes flop around, so I pulled out my laptop to do some browsing. I was shocked they didn’t even have the typical “acceptable use” agreement (which is total garbage anyway), which screamed to me that NOTHING had been set up on this network, so I was curious what I could find out. My curiosity would later prove that I might actually need to contact the Laundromat manager and help them set things up better because it’s grossly insecure, but I’ll get to that later.
As normal, when I’m trying to find out more about the network I’m connected to, I will generally boot into BackTrack (because I can do network diagnosis with my wireless card). Checking my IP address, I found that it was 192.168.1.x and my gateway was 192.168.1.1, so I connected to the router, only to find that there was NO password prompt to get in, and on the first screen it listed the ROUTER’S gateway… for which I was then also able to display the login page.
A quick Google search gave me the default username/password for the internet gateway (which worked), and I was able to have administrative access to the entire network… I was able to set up filters to block ALL Google.com, Twitter.com, Facebook.com requests… I tested them quickly on my own devices, then removed them.
There were no other people at the Laundromat with me at this time, so packet scanning or network spoofing was not worthwhile, but had there been, I could have done it, and without an “acceptable usage agreement” I’m not even breaking any rules by doing it. Yes, typically any malicious hacker can easily break the rules without losing network access, as the usage agreement is a “feel good policy” that makes users feel like they are safe.
I use this example to demonstrate that most coffee shops and other free Wi-Fi hubs don’t ever hire an IT professional to set up, let alone maintain, their networks, so they are normally very insecure, as it’s just the site manager doing anything with them. They wouldn’t know how to read an activity log, nor find a problem if there was one. So as a general rule, don’t use free Wi-Fi for anything you wouldn’t feel comfortable with someone having, and be careful with your Facebook or Twitter, as those accounts generally have personal information that can easily be stolen.
Let this be a warning, and if you can, help educate your family and friends too.