Today, I went to a well known commercial area near Louvain-La-Neuve. There, you can find another well known telecom operator point of sale. Usually, when I’ve some time to waste (when my wife is doing some shopping 😉 ), I sniff Wifi access points.
Today, I found one, unsecured. I received an IP, a default gateway but no name servers. Not far from the telecom operator, it was easy to guess the connection type!
I opened a HTTP session on the default gateway, bingo! No password configured. Walking thru the menus, it was a classic ADSL account.
I resume:
- No protection (even WEP)
- No password on the gateway management interface
- There was a filter on the MAC address but wrongly configured:
- Enable MAC filter
- By default, deny access to specified MACs (!!!)
- Only one MAC address listed
For the fun, I went to the point of sale, asked the manager and told him that his network was unsecured.
“Ah? Oh? Hmmm…. But it was installed by a professional engineer!”
“Look, I can even disconnect your TV channels…”
<click>
Black screen! 😉