Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security Wireless Networking Communications Encryption Network Networking Privacy Software The Internet Technology

Hacker Explains How He Hacked Into Tel Aviv's Public Wi-Fi Network In Three Days (vice.com) 45

An anonymous reader quotes a report from Motherboard: Israeli hacker Amihai Neiderman needed three days to hack into Tel Aviv's free public Wi-Fi. He only worked during the evenings, after he came home from his full-time job as a security researcher. The 26-year-old said the difficulty level was "a solid 5" on a scale from 1 to 10. The hack, performed in 2014 and recently explained in detail during the DefCamp conference in Bucharest, Romania, shows how vulnerable public networks can be and why we should encrypt our web traffic while accessing them. He hacked his city out of curiosity. One day, he was driving home from work and he noticed the "FREE_TLV" displayed on his smartphone. He had no idea what it was, but got intrigued. It turned out to be Tel Aviv's free municipal Wi-Fi network. The hacker connected to it and checked what his IP was, using http://whatismyip.com. This way, you usually find the address of the router that links you to the internet. To hack Tel Aviv, he needed to take control over this device. Neiderman got home and found out that the router had one port open. He tried it. This step allowed him to determine the manufacturer of the router. It turned out to be Peplink, a company he had never heard of. It made the mistake of having the administration interfaces online. At this point, he still didn't know what device he was connecting to. He compared different products displayed on the company's website and looked for additional clues in the messages sent to him by the unidentified device. He finally found out it was a high-end load balancing router. All he needed was a vulnerability to exploit. But breaking the firmware of the router seemed time consuming, as files were encrypted, so the hacker took a different approach. He found a less protected version of the firmware, used for a different device, and found a vulnerability there. To his luck, the same glitch was present in the version installed on the very devices that made up "FREE_TLV." He tested the hack at home, emulating the city's network, and it worked. A real-life test would had been illegal.
This discussion has been archived. No new comments can be posted.

Hacker Explains How He Hacked Into Tel Aviv's Public Wi-Fi Network In Three Days

Comments Filter:
  • Did he do hacking on Saturday?

    • It took me three days to have sex with Keira Knightley! Well actually it was an inflatable doll but I call her Keira
  • by ruir ( 2709173 ) on Tuesday November 22, 2016 @05:47PM (#53342139)
    Where is an article not written for 5 years old how was the vulnerability found?
    • by TWX ( 665546 )
      Let's be fair. The summary is more like a ten year old's bookreport where aforesaid ten year old doesn't consider that the audience has no previous knowledge of what he's going to talk about so important details are omitted.
      • by Donwulff ( 27374 )

        The summary is pretty much just a cut & paste of the whole article from Vice, just as the summary of the summary says.
        And yes the article skips the only interesting part, which is how he found and tested the exploit when the article says he acquired one of the company's routers only after the supposed hack.
        It also leaves it entirely in air how accessing a "public"/"free" (as it's identified, and which allowed him to freely access the Internet) WiFi counts as a hack, and what was the actual threat there.

        • The article is admittedly useless in giving details of the hack, or what he managed to do.

          Assuming though that the exploit gave him full access to the router's configuration (which the article seems to imply), that would make it trivial to add a sniffer to intercept unencrypted traffic, alter DNS settings to point to a compromised database, or otherwise instigate man-in-the-middle attacks of unencrypted traffic. The article specifically says that we should encrypt all of our traffic over public Wifi, which

          • by Donwulff ( 27374 )

            It's specifically said the router's firmware was encrypted so he couldn't read it, much less install sniffers or backdoors. About only thing it's reasonable to expect him to be able to do is disable some firewalls between internal and the public Internet. And even that is assuming their internal network was directly connected to "free, public WiFi" and city officials had password lists and locations of the nukes on unsecured shares on their desktops... which is, kinda large leap of faith. Especially since t

            • by jrumney ( 197329 )

              It's specifically said the router's firmware was encrypted so he couldn't read it, much less install sniffers or backdoors.

              And yet he managed to emulate it on his home network to avoid breaking the law by hacking an actual router belonging to the city...

              Some other things don't add up: The hacker connected to it and checked what his IP was, using http://whatismyip.com./ [whatismyip.com.] This way, you usually find the address of the router that links you to the internet. ... an actual hacker has many faster and more reliable methods of finding the router's IP at their disposable, that don't involve asking remote websites what your IP address is

      • the summary is okay.

        the story is boring because he doesn't know if the municipal network was running the same firmware he hacked.

        if taken to extreme, it would be the same as me claiming to have hacked the US Navy network because I hacked windows XP. furthermore it's pretty dated so it would be more like me claiming that I hacked Finnish Defence Forces network because I looked up an exploit for Windows NT 4.0 tcp/ip stack online. well, not too much like that but the idea is the same why it makes the actual s

  • by Anonymous Coward

    The summary reads like an article in 2600 magazine. You know, the magazine that occasionally has easy construction articles with resistors called out as 'yellow purple red resistor' instead of just saying 4.7k.

    • by Anonymous Coward

      4.7k ought to be enough to anybody

    • awwww all I have is a gold red purple yellow, now I can't hack
    • A shite article on vice.com? Shocked I am, shocked!

      • by rtb61 ( 674572 )

        So free government wifi, there is definitely a story in that, so what would an extremely suppressive government like Israel do with free wifi accessible throughout major cities, now I bet there is a more interesting story in there, that is yet to be reported. I wonder how many other autocratic governments will start offer low bandwidth free wifi in metropolitan areas. I wonder how many smart phones have been hacked in those regions, all of them?

  • by TWX ( 665546 ) on Tuesday November 22, 2016 @06:01PM (#53342281)
    ...from the summary...

    It jumps straight from checking out the SSID that he found on his phone and seeing his IP address to somehow having a device in his hand that he could manipulate?
    • by Anonymous Coward

      The article is not better in terms of detail content.

    • He might have created a GUI interface using Visual Basic to track the IP address... [youtube.com]

  • by wonkey_monkey ( 2592601 ) on Tuesday November 22, 2016 @06:14PM (#53342383) Homepage

    He tested the hack at home, emulating the city's network, and it worked. A real-life test would had been illegal.

    Oh, right. So he hacked the city's network the same way I robbed a bank with a gun, only it wasn't a bank, it was my friend with some monopoly money, and it wasn't a gun, it was a banana. But we both acted like it was real, so it totally would have worked.

    • by Anonymous Coward

      *for very small values of "hack" and "planet"

    • by Macfox ( 50100 )

      Give this man a mod point!

    • On the other hand, I'm surprised they haven't thrown him in jail yet for "having knowingly simulated computer access without authorization or exceeding authorized access".

      You know, just to be safe.

  • by Anonymous Coward

    it's like the time I robbed a pirate ship, but then I woke up and it was all a dream.

If you suspect a man, don't employ him.

Working...