Being a huge fan of Kevin Mitnick, I thought I would practice some of his social engineering tips and tricks from his book,
The Art of Deception. While the majority of his book focuses on social engineering over the telephone, I took these skills to a coffee shop to try getting access to a network in person. My target shop was one that I had never been in before, but still semi-local to where I live. Not being a coffee fan, I ordered a large, cold glass of chocolate milk and a giant, microwaved chocolate chip cookie - paying with cash of course - and made small talk with the coffee shop owner. Once my perfectly healthy, well-balanced lunch was finished, I opened up my laptop to work on some college coursework. Needing internet access, I asked the shop owner what the network name and password were, and she politely handed me a post-it note with the information on it. I noticed that it was the Verizon router defaults with no customization - as if nobody had ever logged into the router to change anything.
I next asked the owner if she would like a customized login for the shop's wireless network so that she wouldn't need to hand out post-in notes to every person who asked. She said YES! My first social-engineering venture had started! I think that it helped that I caught her off guard with this question, and she already warmed up to me with the small talk and nice tip that I left in the cheesy tip jar, labeled "Our tip stache" with a doodle of a mustache. I tried logging into the router at the 192.168.1.1 address with the Verizon defaults of admin:password. Denied.
So, what's the next step? Well I've already got this lady excited to have a new password, so there's no way she'd deny me access to her router. Too easy. Within seconds I'm back in the kitchen looking at a hole in the wall with a breaker box and a router. On the breaker box is another post-it note that a Verizon employee must have written down, detailing the router login as seen in the photo. I attempt that login on the Verizon login page, and again, I'm denied access. One last password to try. Some Verizon routers default their passwords to the serial number located in the middle of the grates. So after some intense squinting and stretching (this thing was at least 7 feet off of the ground), I pulled the serial number from the router and logged in successfully. I have full access to the router, seeing everybody's device name and MAC address that has ever logged onto the network.
As promised, I wanted to change the password for the owner. Not surprisingly, she said that she'd like the password to be "coffee." Sorry, not happening. We're going to be a little more secure than that, even if you're going to be handing out the password to every paying customer anyway. After some poking a prodding at the issues of weak passwords, I finally convinced her convert her WEP router serial number password to a memorable WPA2 password with 14 characters and 4 numbers. Impressive!
So, what lesson can be taken away from this? Small business owners that offer free wireless access often don't have the first bit of knowledge about router configuration, let alone wireless security. Luckily, this coffee shop didn't have any customer information stored on the same network that they were offering their public WiFi on, so giving me the ultimate form of network access wasn't a HUGE deal. However, if a truly malicious party wanted the same access, all they'll have to do is ask. Hopefully, my mini-lecture to the owner will avoid future instances of this happening.
If you'd like to hear more stories like this one, leave a comment below!
