Saturday, December 14, 2024
HomeCyber Security News23-year-old Security Engineer Pleaded Guilty For Hacking the Hotel WiFi and Exposing...

23-year-old Security Engineer Pleaded Guilty For Hacking the Hotel WiFi and Exposing Admin Credentials

Published on

SIEM as a Service

A 23-year-old Chinese security engineer hacked into the hotel WiFi system and disclosed the administrator credentials in a blog post.

Zheng Dutao is a security engineer at Tencent when he participated Hack In The Box conference in Singapore he tested the hotel WiFi for possible vulnerability.

How Zheng Gained Access to Hotel WiFi

He found that the Fragrance Hotel he checked in is using AntLabs’ IG3100 device with the authentication page ezxcess.antlabs.com, he learned further by googling that device contains backdoor accounts for telnet, FTP and he found the default passwords.

- Advertisement - SIEM as a Service

By using the default password he gained access to a limited shell on the device and he tried various exploits and injects methods to determine the MYSQL password, but he eventually spotted the MySQL password and with the password, he connected to MySQL database.

He obtained the administrator’s account password from the database and logged into the device successfully. He posted the findings in his personal and shared online.

The Hotel’s Vice-president reported to authorities about the hack attack on September 1, Cyber Security Agency of Singapore immediately alerted another hotel after finding his blog and take him to custody.

The Singapore authorities fined 5,000 Singapore dollars, saying that Zheng Dutao seemed to commit crimes out of curiosity and did not cause any potential loss.

As a cybersecurity professional, Mr. Zheng Dutao should be aware that after the administrator password is posted on the blog, the possibility of using the password for illegal purposes is extremely high,” said the Deputy Prosecutor.

Zheng Dutao may have been jailed up to three years and he will be fined up to 10,000 Singapore dollars for unauthorized password disclosure, reports Chinese news outlet.

Related Read

WiFi Broadcasts in All Version of Android OS Leaking Sensitive Data Including IP Addresses, BSSID, WiFi Network Name

Wi-Jacking – New Wifi Attack Allow Accessing Millions of Neighbour’s WiFi Without Cracking

EE’s 4G WiFi Modem Privilege Escalation Vulnerability Allows Let Attacker Bypass & Gain Windows Access

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...