First of all I need to add a disclaimer here. The techniques I am using are just basic terminal commands and practising the common sense. This isn't a penetration testing neither a system exploitation. The outcome of this experiment is the eradication of the default credentials. [admin/admin, root/toor, admin/password...]
All the venues have been notified and by the time this article is published they should take care of the security issues. No name will be disclosed and some information might be censored.
I came back to my Shared House after exploring the city when the lag in my iPhone started to annoy me. Men, I was in Japan, the fastest Internet connection in the world. The trigger for this experiment was the frustration of uploading to instagram a picture that takes forever.
You probably expect the video surveillance system to be secure in any venue. Curious enough in my first Share House in Tokyo this wasn't the case. In fact the router was "more secure" than the repeaters and the surveillance system.
$ ifconfig # broadcast 192.168.1.255 $ sudo nmap -sP 192.168.1.0/24
Not so much devices were connected to the network but something caught my eye. Multiple
Elecom systems have a consecutive IP addresses (n+1). From 192.168.1.21 to 192.168.1.25.
When I was checking-in, in the front desk monitor there were broadcasting five security cameras.
It is looking suspicious... wow Basic Auth, there is no way the default password for admin is enabled. WAT?
The staff were notified... but, I was wondering... Is this a common scenario? Will I trust my security to this venues. After all, they usually do a great job, computers though is a skill they need to work on.
The second venue were slightly better in the video surveillance system. They used a subnetwork that contains and exposes an organization's external-facing services to an untrusted network (or that's what I want to believe).
But ZERO security in any system connected to the main network. Router, switch, repeaters...
The search of the perfect venue, accommodation-technical security balance will drive me to Kyoto. Will the millennial city be the hidden gem of Maikos and Hackers?