Amihai Neiderman, head of research firm cybersecurity Equus Technologies, noted the existence of a WiFi network that had never seen the way home from work. This is something that we suspect any of us as WiFi networks increasingly available there. However, there was something odd about this access point detected by Amihai and that there was no building nearby. The name of the hotspot he saw, advertised as “FREE_TLV,” and soon he found out that it was a free WiFi installed by the local administration of the city of Tel Aviv in Israel. Intrigued by this, decided to get down to work to see whether it was safe or not. During the following weeks, he devoted himself to it in his spare time. The first thing he did was connected to one of the many points available throughout the city and check the public IP address assigned to him. Then he looked for open ports on the router responsible for connecting and he found that the device was serving a web-based login interface over port 443 (HTTPS). This section showing the manufacturer’s name, but no other information of interest. So after this, he had to analyze the firmware offered by the manufacturer on its website for possible security flaws. Although it used an encryption method that complicated matters to third parties trying to access, could easily bypass this protection and access the CGI scripts (Common Gateway Interface). Soon he spotted a vulnerability “buffer overflow” that he can take advantage of without any problem. Hence, through this, he managed to gain complete control of the router responsible for providing Internet access to the entire city through a public WiFi network. The problem with this vulnerability is that it can expose thousands of users who connect to a public WiFi network. Therefore, users should take measures to connect to these networks and, as a general measure, should use a VPN for it.
