A few days ago, when the session period began, I was waiting for the exam results from the lecturer.It happened that in the hour when the long-awaited e-mail with the results was to come, I was at a friend, and bad luck wanted me to end the internet package on my phone.I asked a friend if he would give me a password to his wifi network.I got an evasive answer - "Guess".A little confused, I turned on the mobile data on my phone and checked the box, and there was no email.A second later, my thought came to my mind - "He has internet in UPC".I remembered a tool that I heard about a year ago."I'll guess!"- I said and started to act.What is this tool and what is it for?
A simple application available on Google Play, which I didn't have the opportunity to test in advance.Key generator for a large number of routers, e.g..Thomson and a few others, which are used by the reputable UPC company.
The problem of generating default access passwords for UPC customer routers, through the key, which is the MAC address.About a year ago, they managed to fully play the algorithm generating the default network name and password, which allowed you to break into the network in which they remained the default.Then I passed by this news indifferently, because I do not live in a block of flats, and in the neighborhood there was no network with UPC prefixes to check how it relates to reality.Of course, the case has been resolved in newer routers and the installers do not make this mistake anymore, but "old" last year's and older routers are still working.
The whole event happened in the block, probably 100 families within a radius of 100 meters ... I only turned on the application.
The application has found 2 routers, whose Mac addresses may indicate that the equipment is in the pool of those whose slogan was generated according to the already known key.I click on the one with a stronger signal and the application generates passwords.
The program finds a large number of keys that can fit, then test each one in turn.
It takes a moment, say 5 seconds for each key.
And suddenly it shows the correct password and automatically connects with a given WiFi network.
I got in!The internet is mine ... how to go a step further?192.168.0.1 ...
Hmm ... I'll think.Username "admin", slogan "password" - does not work.Login "Admin", and in a slogan empty - it doesn't work either.Well, admin, admin ...
Over.
In less than 5 minutes I got access to the "administrator panel" of the network from the phone.Thanks to such access, a person with slightly less peaceful intentions can virtually anything, from changing the settings, through eavesdropping on traffic in such a network after injecting malicious code to unsecured devices connected to it ... It is worth recalling that there is a mass of gaps in the security of the equipment that we have all the timeconnected to the WiFi network e.g..phones.The threat is really real, and only because the slogans were default.
Of course, I immediately informed about this fact a friend who practically changed the password to his wifi network.Unfortunately, he didn't want to share him with me anymore, for fear of my further "hacker".
The moral is simple and known to some - change the default slogans and the problem will be partially averted.
It is worth adding that the default keys are usually considered strong, they are collections of random numbers and letters, but the default slogans are slogans that "someone" already knows, whether it is a machine generating them or installer mounting a router.What like what, but it doesn't have your own, a strong password - remember that.
Author: Michał Kotfas
Also check:
- Hakerzy mogą przejąć Twój router Wi-Fi! Jak się zabezpieczyć?
- Mapa sieci WiFi na lotniskach całego świata
- Jak nie znając hasła/PINu odblokować telefon
- Tinder wprowadza do swojej usługi sztuczną inteligencję
- Facebook pod ostrzałem!
- Zakaz handlu w niedzielę? Skorzystaj z aplikacji
- Internet od T-mobile – dostałem nowy-używany router, a to nie do końca bezpieczne (ku przestrodze)
- 172 niebezpieczne aplikacje w Google Play zebrały w sumie ponad 335 milionów pobrań!
- Google: Chrome 89 schłodzi Maca i oszczędzi „znaczną” część pamięci na Windows
- Przeraża, ale i fascynuje: samochód rozpozna nasz wiek i płeć – poznajcie Cipia