Residents and guests of Moscow should thoroughly reflect on the security of personal data before connecting to a free Wi-Fi metropolitan subway. Programmer Vladimir Serov revealed a serious vulnerability on the Wi-Fi “MT_FREE” network, which is provided by Maximelcom.
Vladimir Serov, an application developer for Android devices, found that data from users of a free Internet are absolutely not protected and any interested person can get access to them. The Maximelecom company, in addition to the Moscow Metro, supplies some suburban trains with free Internet, in particular the Swallows and Aeroexpresses, as well as in test mode, the St. Petersburg metro. In total, at least 12 million users are registered in it.
The developer noted that the authorization page code on the MT_FREE network contains uninfected passenger data that are tied to the device MAC address. When changing the address, you can get other people’s data: phone number, gender, age group, marital status, etc. As evidence of his suspicions, the programmer wrote a script that was able to track the movement of a user connected to a Wi-Fi.
At first, Serov wrote about his find on the official website of the mayor of Moscow, setting out in detail the essence of vulnerability. However, the response did not follow, which forced the programmer to place the news on the Habrahabr portal and clearly demonstrate through the script, how the movement of a particular user was monitored. After that, the operator encrypted the phone numbers, which, however, is insufficient to protect the subscriber data of users of this Wi-Fi network. According to a conscious citizen, the problem has not been solved, because the data of the recipients of Wi-Fi are still open. This indicates the greed of the company’s management, since the developers could not help but know about such an error, and Maximelcom has elementarily saves servers.
Source: The-Village.ru
Residents and guests of Moscow should thoroughly reflect on the security of personal data before connecting to a free Wi-Fi metropolitan subway. Programmer Vladimir Serov revealed a serious vulnerability on the Wi-Fi “MT_FREE” network, which is provided by Maximelcom.
Vladimir Serov, an application developer for Android devices, found that data from users of a free Internet are absolutely not protected and any interested person can get access to them. The Maximelecom company, in addition to the Moscow Metro, supplies some suburban trains with free Internet, in particular the Swallows and Aeroexpresses, as well as in test mode, the St. Petersburg metro. In total, at least 12 million users are registered in it.
The developer noted that the authorization page code on the MT_FREE network contains uninfected passenger data that are tied to the device MAC address. When changing the address, you can get other people’s data: phone number, gender, age group, marital status, etc. As evidence of his suspicions, the programmer wrote a script that was able to track the movement of a user connected to a Wi-Fi.
At first, Serov wrote about his find on the official website of the mayor of Moscow, setting out in detail the essence of vulnerability. However, the response did not follow, which forced the programmer to place the news on the Habrahabr portal and clearly demonstrate through the script, how the movement of a particular user was monitored. After that, the operator encrypted the phone numbers, which, however, is insufficient to protect the subscriber data of users of this Wi-Fi network. According to a conscious citizen, the problem has not been solved, because the data of the recipients of Wi-Fi are still open. This indicates the greed of the company’s management, since the developers could not help but know about such an error, and Maximelcom has elementarily saves servers.
Source: The-Village.ru