Social Engineering for the hell of it.

Aug 27, 2015 11:47 AM

I've recently been on holiday in Europe, staying in a hotel that was part of a big chain that included many in the local area. A quick review of the wi-fi within range of my room showed that there was another in the chain that was in range of my Yagi Turbotenna, which naturally got me thinking. If I wanted an anonymous internet connection, this could be quite handy.

After packing off the family so that I could have a couple of hours to myself I wandered over to the nearby hotel, carrying a beach bag, wearing shorts and looking like exactly what I was, a tourist. The hotel operated exactly like my own, in that it had no security on the entrances and people were free to wander in and out as they pleased. I settled myself by the pool and began people watching, behind my inconspicuous sunglasses.

After a while I spotted exactly what I was looking for; the guests here used keycards that were identical to the one I used in my hotel. Unsurprising as they were part of the same chain. I packed my bag and headed for the foyer.

Carrying my Kindle in my hand, and with my hotel keycard plainly visible on top, I approached the reception desk and explained that when I arrived I had not asked for the wi-fi login details. Note that I did not say that that I had not requested them when I "checked in"; if I had done so and the receptionist had asked for my name and room number I'd have been screwed. As it was, if she'd asked for more info I'd have said I was visiting a guest but did not know their room number as we were chilling by the pool.

In any case she simply reached under the desk and produced a small slip of paper upon which were written the login and password for the hotel wi-fi. Result! I went back to the pool, bought a beer and caught a few rays before heading back to my own hotel with the ability to log onto a separate wi-fi system that would have been almost impossible to track back to me. No need to aircrack, reaver or pixie-dust, just a bit of forethought and the balls to blag it. A simple example of why the human element is most probably going to be the easiest way to compromise a system.

Happy hacking folks.

Related Articles

637263493835297420.jpg

How to Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks)

636455706472146367.jpg

How to Hide DDE-Based Attacks in MS Word

Comments

No Comments Exist

Be the first, drop a comment!