Recently, I stayed at a bed-and–breakfast, which was rich in heritage, warm in hospitality and managed by some outstanding individuals. Upon my arrival, I checked into my room, became acquainted with the surroundings and decided to break out the old iPad and dive into my emails.
Once I obtained the guest password to access the guest Wi-Fi, I successfully logged in and began to work. After a few minutes, my curiosity peaked and I felt the urge to test the Wi-Fi security levels. Typically, I have my Kali Linux (ethical hacking tool) machine with me; however, I only had my iPad on that trip.
With a little guess work, I was able to log directly into the administrator portal. If I had had bad intentions, I could have wreaked havoc on their network, infected other users and much more. I immediately closed out of the portal, called the manager to bring his laptop down and showed him how I was able to access their network. We discussed the unthinkable things that could occur if that information got into the hands of someone who wasn’t ethical. Ultimately, I helped him secure the guest Wi-Fi and the B&B’s separate network.
Many consumers do not understand the difference between password and passphrase. When you purchase a router from the store and begin to set it up, you are given the factory default credentials. Anyone with access to the internet can find out what the default username and password is by the name of the router manufacture. Example: if you have a D-Link router, chances are very good that the username is “admin” and the password is “password”. Most people do not think to change this password, thinking that the internal passphrase will suffice.
I would encourage folks to go into their Wi-Fi network and check to see if their admin portal is secure. One way to find out is open your browser and type in your routers IP address – for many it would be http://192.168.0.1 . From there you will be asked to verify your credentials.
Mike Frost is a consultant at TelPlus CyberGate, a cybersecurity firm based in Woodstock Georgia. To contact him, email at mfrost@telpluscommunications.com