Monday, March 4, 2024

23-year-old Security Engineer Pleaded Guilty For Hacking the Hotel WiFi and Exposing Admin Credentials

A 23-year-old Chinese security engineer hacked into the hotel WiFi system and disclosed the administrator credentials in a blog post.

Zheng Dutao is a security engineer at Tencent when he participated Hack In The Box conference in Singapore he tested the hotel WiFi for possible vulnerability.

How Zheng Gained Access to Hotel WiFi

He found that the Fragrance Hotel he checked in is using AntLabs’ IG3100 device with the authentication page ezxcess.antlabs.com, he learned further by googling that device contains backdoor accounts for telnet, FTP and he found the default passwords.

By using the default password he gained access to a limited shell on the device and he tried various exploits and injects methods to determine the MYSQL password, but he eventually spotted the MySQL password and with the password, he connected to MySQL database.

He obtained the administrator’s account password from the database and logged into the device successfully. He posted the findings in his personal and shared online.

The Hotel’s Vice-president reported to authorities about the hack attack on September 1, Cyber Security Agency of Singapore immediately alerted another hotel after finding his blog and take him to custody.

The Singapore authorities fined 5,000 Singapore dollars, saying that Zheng Dutao seemed to commit crimes out of curiosity and did not cause any potential loss.

As a cybersecurity professional, Mr. Zheng Dutao should be aware that after the administrator password is posted on the blog, the possibility of using the password for illegal purposes is extremely high,” said the Deputy Prosecutor.

Zheng Dutao may have been jailed up to three years and he will be fined up to 10,000 Singapore dollars for unauthorized password disclosure, reports Chinese news outlet.

Related Read

WiFi Broadcasts in All Version of Android OS Leaking Sensitive Data Including IP Addresses, BSSID, WiFi Network Name

Wi-Jacking – New Wifi Attack Allow Accessing Millions of Neighbour’s WiFi Without Cracking

EE’s 4G WiFi Modem Privilege Escalation Vulnerability Allows Let Attacker Bypass & Gain Windows Access

Website

Latest articles

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles