Sapsana Wi-Fi hacked in 20 minutes

Public Wi-Fi Security Once Againdemonstrated its failure. This time, a user of the Habr IT blog hiding under the nickname keklick1337 told about the Wi-Fi hacking in the Sapsan train that was going from St. Petersburg to Moscow. By quickly breaking into Wi-Fi trains, the enthusiast was able to get a list of passengers on the current flight.

Notably, keklick1337 was returning tothe capital after the ZeroNights information security conference. During the trip, the expert tried to work on the Internet, however, communication was only available through slow 2 G networks and he decided to connect to the Wi-Fi train for the first time.

When authorizing to log in to Sapsanyou must enter the number of the seat, wagon and the last 4 digits of the passport number. Wi-Fi of the train also showed low speed and out of boredom keklick1337 decided to check what confidential passenger data is stored on the server. The user was able to hack Wi-Fi and access passenger data in just 20 minutes. To penetrate the system, he used programs for network scanning and utilities for finding vulnerabilities.

According to keklick1337, Peregrine Falcon usesA single server for storing all data, and passwords are always identical. Identified confidential data contained information about the passengers of the current and other train flights. The specialist noted that railway workers are poorly worried about the security of personal data of passengers and did not purchase an encryption certificate for HTTPS using the free Let’s Encrypt.

Source: habr