Slashdot Mirror


How to Take Over a Train Station

ThinkComp writes "Everyone knows that home wireless networks are insecure, but who would expect a major transportation hub to be vulnerable to the same problems? Well, waiting for my friend's train at South Station in Boston, MA, I happened to notice that it was possible to take control of the entire station's wireless network, including its home page and authorization method (free wireless, anyone?)--and those of thirty other businesses throughout Massachusetts, thanks to a few coding errors on the part of the wireless company with which South Station contracted."

18 of 356 comments

  1. Google HTML version available :) by LiquidCoooled · · Score: 5, Informative

    Here :)

    --
    liqbase :: faster than paper
  2. There is one silly error in an otherwise great art by drinkypoo · · Score: 5, Informative

    ...icle: "Unless something is done to force accountability for wireless devices, perhaps by recording ethernet MAC addresses (which are unique and hard-coded to a physical piece of hardware)" ... uh, no they aren't. Most devices allow you to change your MAC with impunity. Others can be hacked to do so, by tweaking their firmware. MAC addresses meant something back in the day when they were hard to change (it's never been impossible) but those days are long gone.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:who did you tell? by mtrisk · · Score: 4, Informative

    RTFA. He tried to contact the administrators, and was given the cold shoulder. They even suggested reporting himself to "abuse".

    --

    Without a proper flamewar, Anonymous was undecided on what shell to run.
  4. accountability? by l2718 · · Score: 4, Informative

    Very good article. However, one of the author's ideas for improving security doesn't actually hold water. The problem is to verify the identity of people being assigned dynamic IP addresses on a wireless network. He proposes

    "... to force accountability, ... by recording MAC addresses (which are unique and hard-coded to a physical piece of hardware)"

    Actually, most network cards allow you to set the MAC address by software if the factory one isn't good for you. For example, this is needed for drop-in-replacement functionality.

    1. Re:accountability? by l2718 · · Score: 5, Informative

      By the way, instructions on how to change your MAC address on various operating systems may be found in the Wikipedia.

  5. misleading title and rather arrogant, IMHO by Anonymous Coward · · Score: 3, Informative

    This fella just cracked the "wireless" router put in place for patrons; he didn't break into the train station's systems. The title should be changed. Also, his writeup is well, boring (and obvious), like I found a wireless router in a similar state about a year ago in a coffee house. Unlike him, I didn't poke around, I reported the issue directly, called the programmers involved and got them a bit admonished.

  6. Re:There is one silly error in an otherwise great by molo · · Score: 5, Informative

    BTW, for Windows, there is a great tool called MacShift that will allow you to randomize your MAC address. Just make a shortcut and run it before you connect to any wireless network, and you'll have a different one each time. No tracing there.

    -molo

    --
    Using your sig line to advertise for friends is lame.
  7. Re:who did you tell? by Saeed+al-Sahaf · · Score: 2, Informative

    Well, it does say he tried to contact Cincinnati Bell, but it says nothing about GuestBOX or the train people.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  8. Re:Of Astroturf and Grandstanding by Anonymous Coward · · Score: 2, Informative

    Actually, it's a computerized flip chart. If you walk out onto the train platforms, they have TV screens displaying the same information, which are synchronized with Back Bay Station. (North Station also has TV screens, but they use a totally different system. Go figure.)

    That said, your point is right, and it's too bad, if not entirely unexpected, that this guy has too much of an ego. Of course, it would also help if timothy read articles before posting.

  9. Re:Fork bombs by Silent_Fire · · Score: 2, Informative

    Most systems now limit the number of processes and threads on a per-user basis, meaning that your fork bomb eats up your space, but won't bring the entire system down.

  10. Re:There is one silly error in an otherwise great by Black+Acid · · Score: 5, Informative
    Your MAC address is (well SHOULD be) "unique and hard-coded to a physical piece of hardware". It is physically tied to your NIC, and you can not change it. What you can do however is change how it is represented in software, so that the other party never sees your actual physical MAC address, but the idea that you can actually change your MAC address is just plain wrong. Feel free to try, change the MAC, then switch the NIC to another machine and see if it retains the original or altered address.
    Of course, it all depends on the NIC, but I was able to flash my Orinoco wireless card's firmware, successfully changing its MAC address. My address was retained under Linux and Windows, so I assume it was physically changed. (I also was able to upgrade the Orinoco from Silver to Gold encryption, US to Japan frequencies, and change the serial number). It's true that most people who change the MAC really only change it in software, but it's definitely possible to change it in hardware as well. Not that there is any reason to...
  11. Re:That's a stupid question by timeOday · · Score: 5, Informative
    They wouldn't let just anybody in the control room at Paddington station in London, would they?
    This is irrelevant. Nobody took over a train station; the story title is a lie. All they did was circumvent the payment system for wifi internet access and avoid paying an hourly fee for internet access. The fact that this was at a train station has nothing to do with the story, except making it read better.
  12. MAC addresses are not immutable! by Jack+Greenbaum · · Score: 3, Informative
    The end of the article suggests that recording MAC addresses is a way to track users on the internet, the author implies they cannot be forged. Hah! Ethernet and wifi devices have to store their MAC address somewhere, and that somewhere when power is on is in a register that is almost always writable by a device driver. Furthermore, since MAC addresses only stay on the physical subnet, there is no way to identify the MAC address from the other side of a router.

    The only way to really track people is by using a transport protocol with authentication. Somehow I don't think the world is ever going to agree on one.

    -- Jack
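
The MAC-logging point raised in the comments above, seen from the network operator's side, as an added example that is not part of any poster's comment: it reads the two flag bits in the first octet of each logged address and cross-checks a lease log for addresses that change or repeat. The lease-log layout, hostnames and addresses are constructed assumptions, hostnames are client-supplied just like the address, and a software-set address that copies a vendor-assigned one passes the bit check.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':' or '-' separators."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def is_locally_administered(mac):
    """First-octet bit 0x02 set: assigned in software, not by the vendor."""
    return bool(mac[0] & 0x02)

def is_multicast(mac):
    """First-octet bit 0x01 set: group address, never a station's own address."""
    return bool(mac[0] & 0x01)

def audit_leases(leases):
    """leases: iterable of (hostname, mac_text) pairs. Returns lists of findings."""
    macs_by_host, hosts_by_mac = defaultdict(set), defaultdict(set)
    local, invalid = [], []
    for host, mac_text in leases:
        mac = parse_mac(mac_text)
        macs_by_host[host].add(mac)
        hosts_by_mac[mac].add(host)
        if is_multicast(mac):
            invalid.append(mac.hex(":"))
        elif is_locally_administered(mac):
            local.append(mac.hex(":"))
    return {
        "locally_administered": local,
        "invalid_source": invalid,
        # One hostname seen with several addresses: the address changed between visits.
        "rotating_hosts": sorted(h for h, m in macs_by_host.items() if len(m) > 1),
        # One address claimed by several hostnames: possibly a copied address.
        "shared_macs": sorted(m.hex(":") for m, h in hosts_by_mac.items() if len(h) > 1),
    }

# Constructed sample lease log; hostnames and addresses are made up.
SAMPLE_LEASES = [
    ("laptop-a", "00:11:22:33:44:55"),  # vendor-style (universally administered) form
    ("laptop-b", "02:ab:cd:ef:01:23"),  # locally administered bit set
    ("laptop-b", "06-12-34-56-78-9A"),  # same hostname, different address
    ("kiosk-1", "00:11:22:33:44:55"),   # same address as laptop-a
]

if __name__ == "__main__":
    print(audit_leases(SAMPLE_LEASES))
```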

  13. Evidence? Who needs it? by Otto · · Score: 4, Informative

    And his evidence for this is, what? His own personal opinion?

    While I agree with you on the fact that he's just speculating at that point, nevertheless a possibility exists for this sort of thing to happen.

    Simple example: I went wardriving through town once. I found a lot of connections of course, but basically I just set the sniffer up on the laptop and drove around slowly. Later, when I got home, I checked out what I had found, and using timestamps I figured out where the different access points I had found were (I lacked a GPS then).

    One of the ones I found was a drugstore. I looked at the raw trace and saw some really odd plaintext there. So I went back and left the laptop in the car while I went in and bought some stuff and took a look around.

    What I found:
    - Their cash registers were all wirelessly linked to some system in the back. When you scanned an item, the barcode was read, transmitted to the machine in the back, which looked up the price and spat it back to the register. Credit card authorization was handled the same way. All this was plaintext, as I looked at the data and found my credit card number as well as barcodes from the items I purchased in there. Didn't understand the formatting, but it wasn't too difficult to see my name and credit card number stand out like a shining beacon.
    - Some kind of prescription transactions were wireless as well. While I didn't get a lot of data of this sort, there were packets containing various drug names, in plaintext, being sent over the air. I'd bet money that insurance information as well as whoever bought the prescription would have eventually gone out in the clear too.

    The point being that security was basically non-existent for something you have a reasonable expectation of being private. I mean, when you design a wireless network to handle credit transactions, you'd think some form of encryption would be pretty frickin' obvious, right? Let alone tossing somebody's prescription info out onto the airwaves.

    So while he didn't state you could change the lights and has no idea if you can actually fuck with the trains, the point I think he was trying to make is that clearly security is not at the forefront of the minds of a lot of people for this sort of thing. Admittedly, my drugstore example happened a couple years back, and may have been fixed by now, but this sort of thing happens because people don't think about it being an issue. It's that part that needs to be fixed. Whether any given example can actually be compromised in a serious way is not the point.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  14. Not wireless by cgenman · · Score: 5, Informative

    Actually this is some very basic HTML hacking. He went to their service, which re-directs all new people to their home page. He directory surfed around the web server, and found a few dozen other sites, as well as the company's home page. He tried some very basic password combinations, (like test:test), and got control over some active sites. These sites included customer information and credit card databases.

    So really, the site that served images from an unobfuscated directory allowed the person to know what to look for, the directory was fully listed in a way that directories shouldn't. The passwords were very, very insecure. This had nothing to do with wireless security, but rather web services security, and basic things for security that people don't do.

    The passwords in the article, BTW, no longer function. At least, not from my remote machine. Anyone reading this from South Station wish to see if the passwords still work on-network?

  15. Re:Illegal access by oasisbob · · Score: 2, Informative
    It's like the people who abused the ATMs in New York after 9/11. When they made the first withdrawal and saw that their balance didn't decline, they should have called the bank and reported it. Nothing gave them the right to keep making withdrawals. If I leave my door unlocked, it may make me an idiot, but it doesn't give some dude the right to come in to my house, and take something and walk out the door, even if you come right back in and put it back.

    More information on post 9/11 ATM Withdrawals
    Press Release from the DAs office

    Fairly interesting story -- one that I hadn't heard before.
  16. Slashdot bought out by Fox ? by sjf · · Score: 2, Informative

    Excellent piece. Anyone who bothered to RTF(boring,pedantic,condescending)A would quickly see that the headline is a complete fiction. All the author did was exploit a hole in a for-pay Public Access WiFi network. No opportunity to route trains onto otherwise occupied platforms. No threat to a "major transportation hub."

    Just some guy doing trivial guesswork to get free wireless access...that happens to be at Boston's South Station

    Was writing the article his post-priori justification for the service theft?

  17. Re:That's a stupid question by coreymichaelbarr · · Score: 2, Informative

    In some places, especially smaller businesses, it is the secretary or office manager that also handles the IT. Usually that means buying computers from Dell when the time comes, or calling the outside IT vendor to troubleshoot the e-mail. But not always -- I work in a highrise building and I would be the one to either work with a vendor to set up a Wifi hotspot in the building, or to do it myself. Either way, I would have to use my limited knowledge to either do it or to double-check the work of the vendors.

    How did I end up with this? Well, it's simply because as the office manager guy, I happen to know more about computers than the people that know more about the plumbing/HVAC/etc. in the building. That doesn't automatically make me an expert. And even if I outsourced it to a vendor, it doesn't mean they'd deliver a solution where I could verify its security via obscure exploits that I don't know how to use.