A 23-year-old Chinese security engineer hacked into the hotel WiFi system and disclosed the administrator credentials in a blog post.
Zheng Dutao is a security engineer at Tencent when he participated Hack In The Box conference in Singapore he tested the hotel WiFi for possible vulnerability.
He found that the Fragrance Hotel he checked in is using AntLabs’ IG3100 device with the authentication page ezxcess.antlabs.com, he learned further by googling that device contains backdoor accounts for telnet, FTP and he found the default passwords.
By using the default password he gained access to a limited shell on the device and he tried various exploits and injects methods to determine the MYSQL password, but he eventually spotted the MySQL password and with the password, he connected to MySQL database.
He obtained the administrator’s account password from the database and logged into the device successfully. He posted the findings in his personal and shared online.
The Hotel’s Vice-president reported to authorities about the hack attack on September 1, Cyber Security Agency of Singapore immediately alerted another hotel after finding his blog and take him to custody.
The Singapore authorities fined 5,000 Singapore dollars, saying that Zheng Dutao seemed to commit crimes out of curiosity and did not cause any potential loss.
As a cybersecurity professional, Mr. Zheng Dutao should be aware that after the administrator password is posted on the blog, the possibility of using the password for illegal purposes is extremely high,” said the Deputy Prosecutor.
Zheng Dutao may have been jailed up to three years and he will be fined up to 10,000 Singapore dollars for unauthorized password disclosure, reports Chinese news outlet.
Wi-Jacking – New Wifi Attack Allow Accessing Millions of Neighbour’s WiFi Without Cracking
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…