[ISN] Exclusive: hackers make chop suey of wireless security

From: InfoSec News (isnat_private)
Date: Fri Mar 29 2002 - 00:49:12 PST


By James Middleton [28-03-2002]
vnunet.com investigation reveals Wagamama noodle chain has no wireless
security and is open to hackers

According to underground culture, the staple diet of hackers is Jolt
cola and Ramen noodles. But the food could be could be picked up for
free after hackers discovered a gaping security hole in the network of
noodle house Wagamama.

vnunet.com today received an email from an anonymous hacker who
claimed to have gained access to the wireless network at the Wagamama
branch on London's Lexington Street, just down the road from
vnunet.com's centre of operations and its investigative news team

The hacker told us: "It wasn't that the wireless security was weak. It
was crap. There was no security at all."

"Me and good old time OpenBEOS kernel hacker went down yesterday night
to our 'favourite' restaurant to get a nice warm bowl of noodles,"  
wrote the hacker.

"The thing striking us in the first place is that [Wagamama] changed
all their remote terminals used to collect orders with nifty little
Compaq iPaqs, and that, incredibly enough, all those iPaqs have a
Lucent 802.11 wireless network card sticking out, and blinking

Whipping out a wirelessly equipped laptop the hackers sniffed around
and found that the 802.11 network was publicly accessible.

"No wireless encryption protocol, no passwords, not the slightest
difficulty to pick up the signal and start snooping packets," said the
hacker. "In less than one minute we had enough information to access
the network entirely, and start to have some fun."

The hackers then furnished us with a list of IP addresses
corresponding to network objects on Wagamama's system.

"In few moments we basically found that xxx.xxx.x.x is their billing
server, and it runs SCO OpenServer 5.0 (pretty easy to hack into, if
you carry around a copy of NMAP or any other port-scanning software
...). I'm not going to tell you how, it's pretty easy to do it, but
you can walk away with a full five-course Asian meal paying only for a
bottle of coke, or a beer," he said.

Worryingly this indicates that the hackers gained access to financial
records and billing systems which were left completely unprotected.

They also informed us that they had discovered a router which allowed
access to other networks, possibly other branches in the Wagamama
chain, as well as the company's mail server.

vnunet.com despatched senior reporter James Middleton to conduct an
urgent investigation.

The manager on duty in the Lexington Street branch said that he had no
idea of the lack of security.

"I was not aware of this problem," he explained. "But it is terrible.  
Getting access to some things like the food orders is not so
important, but if they could access the billing system that is a

Paul O'Farrell, commercial manager of the company, said he wasn't
aware of the problem as network management was outsourced to GEAC,
which specialises in restaurant IT systems.

"The wireless network is a stand alone in each restaurant," he said.  
"They would only be able to get as far as the server in each branch.  
Although there is a router it only goes through to the network at
GEAC, not other branches."

O'Farrell said that the migration to a wireless network and iPaq
handhelds from a proprietary GEAC system was only recently undertaken,
but that this discovery raised issues that "need to be addressed".

"It is possible a malicious or mischievous user could use this
information to crash the server," he said. "But they couldn't really
do any other damage."

ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

This archive was generated by hypermail 2b30 : Fri Mar 29 2002 - 04:36:32 PST