Optimum Online Wifi: Voluntarily Pwnd
Posted on 19. Aug, 2009 by zevmo in Technology
So, one of the great things provided by Optimum Online, is loads of free wi-fi locations all over the NY/NJ area. This comes in handy in a pinch. The problem is, it is a total security hole. 
Now, you can try and attack the router, but why? What info can you get that can’t be provided by simply applying the simple tool of naming your own router to Optimum Wi-Fi, and off to the sniffing track you go! There are other ways to get a person to automatically attach to your access point, no problem. Since most computers will automatically scan for networks by asking, “are you abcrouter?”, and all you have to do is say yes.
Now, if you really want to be super hackerific, I mean ATM in the Riviera lobby dubious, or just a reason to use your handy wi-fi pineapple, you can create a simple login page using the html from the one provided by optimum, and now you have a username/password for their account. And you know, many users use the same username/password for all of their account login information of different web sites.
This is unacceptable. Optimum must have some kind of way to verify the accuracy through a certificate (they currently use one, but the average user will not check an automatic cert), or something, to make sure customer information is “protected”, kinda.
