Various vulnerabilities exist in the FON free wifi service.
8ea74b8fe945edae4bd53ec05f5f387e6de5f100ff4df43b976dda7467357b51FON (www.fon.com) is some semi-free wifi service. Members contribute
their connection and allow other FON users to use their connections
for free or small money (depends, the users have to contribute their
connection to get free access).
Although the users have to identify at the hotspot, we have
problem #1:
===========
The police would'nt care that you share your internet connection when
they find your IP in some logs related to hacking, copyright issues,
child porn or whatever. They will first confiscate your equipment and
ask then.
problem #2:
===========
It is or was possible to steal anyone's credentials:
http://fon.freddy.eu.org/pcap-decoder/howto/
problem #3:
===========
At the time, when I realized the existance of FON, it was possible to
register with fake e-mail addresses, because they had a lame
verification mechanism (something like
http://fon.com/verify.php?email=president@whitehouse.gov). I
successfully registered dozens of fake accounts that way and all these
accounts still work. At least that hole has been fixed in the
meantime.
However. Although problem #2 has been made public, no "please set a
new password" requests have been sent to the subscribers. Although
they seem to know that they had problem #3 (otherwise they would'nt
have fixed it), they did no approach to *verify* their user identies
(my "regular" FON account has not been verified and my fake accounts
still work).
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed