Yesterday I’ve been to a customer. Two employees from the IT-Department talked about WLAN security.
While working on my Thinkpad T40 I started IBM Access Connection and surprise, surprise, two wide open WLANs were shown up.
I’ve showed them but they didn’t know those WLANs. I decided to go deeper in one of the WLANs. I connected and bingo, thanks DHCP I received an IP-Address.
I started Mozilla and I was able to surf the web. A quick look in ‘ipconfig’ told me that 192.168.1.1 is the router address. I gave Mozilla “http://192.168.1.1″ to eat and a “Username and Password” dialog popped up.
The router was a Linksys modell. A little google research and one minute later I had the default settings for this router. No username and ‘admin’ as password. I tried it and here we go the Configuration Interface of the router.
I started my IM Clients and Lotus Notes and I was able to chat and replicate Databases with the company.
So while I was in why don’t make a portscan with Superscan ? I discovered another machine in the WLAN which turned out as another Windows PC. What about ‘security’ on this machine ? I tried the adminstrative share ‘\\192.168.1.100\c$’ and the ‘Username and Password’ dialog popped up. What would you trying ? Yes. ‘Administrator’ and no Password. Unbelievable I was on the local ‘c:\’ drive.
There were a few Worddocuments and I decided to open one of them. It turned out that the sender of this document was a local bookstore on the other side of the street.
I went over the street and asked the manager which company installed the WLAN. He said that it was a friend of him. I told him that I don’t think that this guy is a friend of him because the WLAN is very unsecure (Ok. ‘No security’ describes it in a better way). The manager smiled.
Then I told him the router modell, the IP range, his IP Address, no password on the router, no password for ‘Administrator’ on his machine and then about the worddocument I’ve read and that this was an effort of ten minutes. He didn’t smile anymore and he asked me what to do. I told him to set passwords and to activate WEP keys, configure DHCP for his MAC Address only (hey, this tips are for free! If you want more, pay me!).
I’ve been to the same customer today and do you know what? Nothing changed…