The Public Wi-Fi Network of a Whole “Israeli City” Hacked by This Hacker

We often warn our readers about using “Free Public Wi-Fi” networks. The reason is that these networks are not secured and are easily hackable. Today's article is the biggest example of this. The public Wi-Fi network of an Israeli city was hacked by a 26-year-old hacker named Amihai Neiderman, who works as head of research at the Israel-based security firm Equus Technologies. He presented the whole research process at DefCamp, a hacking and information security conference held in Bucharest, Romania, on November 10-11, 2016.

Why Did He Choose the City's Public Wi-Fi Network?

Amihai said that one day he noticed an unknown Wi-Fi network on his system. The unusual thing about this network was that it appeared in an area that doesn't have buildings, meaning a non-residential area of the city. When Amihai connected his system to this Wi-Fi network, he saw the SSID “FREE_TLV”. Later, he learned that it was part of the free public Wi-Fi network run by the local administration of the Israeli city of Tel Aviv. Amihai then decided to test the security of this public Wi-Fi network.

Amihai's Initial Research on the Public Wi-Fi Network

Amihai connected his system to one of Tel Aviv's free Wi-Fi networks and checked his new IP address using “whatismyip”. It was the public IP address of the Tel Aviv router that was providing free Wi-Fi to the whole city.

After that, he scanned that public IP address to check the network's open ports. The router exposed a login interface for free Wi-Fi users on port 443, the port used to send secure HTTP requests (HTTPS) to a server. This login interface showed the name of its manufacturer, “Peplink”. Beyond that, no other information was available to Amihai. He scanned the network again and found that it did not contain basic security vulnerabilities such as authentication bypass flaws, weak login credentials, or SQL injection.

After that, he downloaded the exact firmware for that router from the official “Peplink” website. This was not an easy task, because he had no information about the router model and Peplink manufactures various types of routers for various industries. After analyzing the firmware of various Peplink router models, he finally determined that the device was Peplink's Balance 380, a high-end load-balancing router. “Version 5” was the current firmware version of that router. While analyzing it, Amihai noticed that Peplink was using a basic XOR-based encryption method.

How Did He Manage to Hack This Public Wi-Fi Network?

The encryption method used by Peplink's router did not allow third parties to reverse engineer its file system. Soon, Amihai discovered a “Buffer Overflow Vulnerability” in a Common Gateway Interface (CGI) script on the router. This script handled the “Log-Out Process” for Wi-Fi users.

“To exploit this vulnerability, a long session cookie had been sent by Amihai to the vulnerable CGI script. The script was unable to handle this session cookie. It allowed Amihai to execute arbitrary code in the router. As a result, the full control of that public router was in the hands of Amihai Neiderman.”

According to Amihai, this security vulnerability has now been patched by Peplink.
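
The class of bug described above, shown from the fixing side as an added example (this is not Peplink's code and does not come from the original article): a C helper that reads a session cookie into a fixed-size buffer and rejects oversized values instead of copying them. The names `get_cookie` and `SESSION_MAX` and the cookie name `session` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SESSION_MAX 64 /* assumed buffer size for a session id (hypothetical) */

/* The overflow pattern, shown only as a comment: a fixed buffer filled with
 *     strcpy(sid, cookie_value);
 * where cookie_value is client-controlled and its length is never checked. */

/* Hypothetical helper: copy cookie `name` from a Cookie header into out.
 * Returns 0 on success, -1 if the cookie is absent, -2 if the value is
 * empty, too long for out, or contains non-alphanumeric bytes. */
int get_cookie(const char *hdr, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = hdr;
    if (hdr == NULL || outsz == 0) return -1;
    while (*p) {
        while (*p == ' ' || *p == ';') p++;          /* skip separators */
        const char *end = strchr(p, ';');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = plen - nlen - 1;
            if (vlen == 0 || vlen >= outsz) return -2; /* reject, never truncate */
            for (size_t i = 0; i < vlen; i++)
                if (!isalnum((unsigned char)v[i])) return -2;
            memcpy(out, v, vlen);                    /* length already bounded */
            out[vlen] = '\0';
            return 0;
        }
        p += plen;
    }
    return -1;
}

int main(void)
{
    /* Constructed inputs: a normal header and a 500-byte session value. */
    char sid[SESSION_MAX], big[600] = "session=";
    memset(big + 8, 'A', 500);
    printf("normal: %d\n", get_cookie("lang=en; session=abc123", "session", sid, sizeof sid));
    printf("oversized: %d\n", get_cookie(big, "session", sid, sizeof sid));
    return 0;
}
```

Rejecting the oversized value outright, rather than truncating it, also avoids treating a cut-off identifier as a valid session.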

Why Are These Attacks Dangerous?

Amihai Neiderman is a professional security researcher, and he reported this security issue to “Peplink”. “Black Hat Hackers”, however, do not report such vulnerabilities. They exploit them for their own benefit. A black hat hacker could perform various malicious activities after hacking a public Wi-Fi network. Here are some examples:

Attackers can capture all the unencrypted sensitive information of users.

Attackers can redirect connected users to malicious websites.

Attackers can install malware on vulnerable connected systems and use them as zombies to perform major DDoS (Distributed Denial of Service) attacks.

How to Be Safe?

We strongly recommend that you not use free Wi-Fi networks. If you do want to use one, always connect through a “Virtual Private Network” (VPN).

Never open a website that requires your sensitive information while on public Wi-Fi. Banking websites, social network websites, and business login portals are examples.

If you are connecting your smart devices to a public Wi-Fi network, make sure you have disabled the “Download Apps From Unknown Sources” functionality. When enabled, it allows a smart device to install malicious apps.

Spend some money and use paid Wi-Fi services. Nothing is more important than your privacy and sensitive information.
