Free Wi-Fi and its problems...

An ocean of possibilities, but the one you least expect strikes

Posted by Pedro Cabral on September 1, 2021

WIFI4EU is a European initiative that aims to promote free Wi-Fi connectivity for citizens and visitors in public spaces such as parks, squares, public buildings, libraries, health centres, and museums everywhere in Europe. In theory this is an amazing idea; however, when put into practice it can lead to major issues and to possible breaches of the networks involved.

In this "story" the issue is not with bad behaviour or nasty users of the network but with the router itself (Surprising? Maybe not, but who knows).

While on vacation visiting family, the need for internet sometimes leads everyone to connect to these "FREE WIFIs", and in this case that is exactly what happened. My first instinct was to look at what was around me and at the network's information; to my surprise I noticed it was a /24 network with the default 192.168.1 range. The next step was to connect directly to the router's web page to check whether this was disabled or not, and it turned out it was enabled (\m/.\m/ moment).

...

Fortunately the default password had been changed, and the amazing combination of admin/admin was not accepted.

After looking around I recalled that last year there was a zero-day affecting this hardware version that was being actively exploited (https://thehackernews.com/2020/03/draytek-network-hacking.html). After some google-fu I found a Go exploit for this software version (kudos to https://gist.github.com/0xsha).

After running a simple ifconfig I obtained the results below:

...

After this, it was time to inform the right people so they could start their IR procedures, review this equipment, and create a patching plan.
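For whoever receives that report, the first thing worth confirming is whether guest clients can reach the router's management ports at all, rather than only whether the admin password is strong. The script below is an added example of mine, not code from the post or from the router vendor; it assumes a constructed flow-log format (`src=`, `dst=`, `dport=`, `action=`) and the 192.168.1.0/24 guest range and 192.168.1.1 gateway seen above, and flags allowed flows from guest addresses to the gateway's management ports while leaving expected DHCP/DNS traffic alone.

```python
import ipaddress
import re

# Constructed sample flow-log lines (not from the post); the format is assumed.
SAMPLE_LOG = """\
2021-08-20T10:12:01 src=192.168.1.57 dst=192.168.1.1 proto=udp dport=53 action=allow
2021-08-20T10:12:03 src=192.168.1.57 dst=192.168.1.1 proto=tcp dport=443 action=allow
2021-08-20T10:12:09 src=192.168.1.23 dst=192.168.1.1 proto=tcp dport=80 action=allow
2021-08-20T10:12:15 src=10.0.0.5 dst=192.168.1.1 proto=tcp dport=443 action=allow
2021-08-20T10:12:20 src=192.168.1.57 dst=93.184.216.34 proto=tcp dport=443 action=allow
2021-08-20T10:12:25 src=192.168.1.88 dst=192.168.1.1 proto=tcp dport=22 action=deny
"""

GUEST_NET = ipaddress.ip_network("192.168.1.0/24")  # the /24 guest range from the post
ROUTER_IP = ipaddress.ip_address("192.168.1.1")     # assumed gateway address
# Management-plane ports to flag; DNS (53) and DHCP (67) to the gateway are expected.
MGMT_PORTS = {22, 23, 80, 443}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one flow-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def guest_mgmt_hits(log_text, guest_net=GUEST_NET, router_ip=ROUTER_IP, mgmt_ports=MGMT_PORTS):
    """Return (timestamp, source, port) for allowed guest flows to the router's management ports."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if (src in guest_net and dst == router_ip
                and rec["dport"] in mgmt_ports and rec["action"] == "allow"):
            hits.append((rec["ts"], str(src), rec["dport"]))
    return hits


if __name__ == "__main__":
    for ts, src, port in guest_mgmt_hits(SAMPLE_LOG):
        print(f"{ts} guest client {src} reached router management port {port}")
```

Any hit means the guest segment can talk to the management plane, which is the condition that let the web page be reached in the story, independent of the password or the firmware version.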

In summary, free Wi-Fi is as great as it is dangerous: sometimes the issues arise directly from the users who use it on a daily basis, other times from the hardware deployed...