As a growing number of cities provide free WiFi networks become, a security researcher demonstrated his successful hack of his city's WiFi network.
Equus Technologies' head of research Amihai Neiderman exploited a buffer-overflow flaw in the network's load balancer. The flaw in the load balancer, a reverse proxy device, imperiled the data of thousands of the city's WiFi service users.
Neiderman disclosed the vulnerability at DefCamp7, an information security conference in Bucharest, Romania. The attack highlights the ease through which even a single router's flaw affects WiFi users, even as numerous routers are vulnerable. Routers are increasingly used to launch DDoS attacks, although many users remain unaware of risks posed by public WiFi.
Check Point Security mobile area manager Pavel Berengoltz noted that the research is one of many security issues that exist in current WiFi networks ecosystems. “From faulty configuration to vulnerable and unpatched firmware, attackers have a wide attack surface to exploit in order to hijack the traffic of connected devices." Users should “keep their eyes open” for unusual behaviour when connecting to a WiFi network, Berengoltz wrote to SC Media.
The logic vulnerability in a simpler version of the device's firmware is the perfect example of a “needle in the haystack,” according to Alert Logic cybersecurity evangelist Paul Fletcher. The exploit demonstrates the “24/7 battle” that security professionals are up against, he wrote in an email to SC. “Good application security and DevSecOps practices would minimise these types of vulnerabilities.”