Hotline Hacked Vol. 8

2024/12/23

Hacked

People
J-Pod
Jeremy
Leads the EAA Pilot Proficiency Center, promoting pilot training and safety improvement.
Anonymous Canadian listener
Anonymous Australian listener
Topics
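Anonymous Australian listener: Modems from a major Australian internet service provider ship with a default SSID and an 8-digit numeric password. An attacker can capture packets and crack the password with Hashcat, gaining free internet access across Australia. The weakness has existed for at least three years, which indicates serious security shortcomings at the provider. The method is simple: scan for Wi-Fi, find a network with the default SSID, capture the handshake, and crack the password with Hashcat. The whole process takes only a few minutes and yields a free internet connection. Although the listener says they are not a professional hacker, the fact that they could find and exploit the weakness reflects major flaws in the provider's security measures.

Anonymous Canadian listener: A large grocery store loyalty points program had a flaw that let an attacker use a script to submit false points claims in bulk and obtain free points. Initially the system lacked safeguards such as a CAPTCHA, so an attacker could easily accumulate a large number of points overnight with a script. After that flaw was fixed, the system added a restriction requiring $10 of spending to receive $10 in points. The attacker then found that creating multiple accounts and linking them to one another bypassed the restriction, allowing unlimited free points. Using this flaw, the attacker obtained nearly $10,000 in free points within one year. The listener described the process in detail, including creating multiple accounts, linking them, spending, and claiming points. The technique was ingenious and took full advantage of the system's flaws and the gaps in its rules.

Jeremy: A background-check app called PeopleSpy had a security flaw that let users access sensitive information such as other users' social security numbers. The app stored users' sensitive information in plain text locally on the device, without the necessary security protections. The listener stumbled on the flaw while using the app and contacted the developer, who ignored the report. The flaw shows serious security defects in the app's design and development and underlines the importance of protecting personal information. The incident is also a reminder to stay security-conscious and protect personal information when using any app.

J-Pod: In high school, security flaws in the school's electronic book system (EBS), combined with the teacher's lack of security awareness, let him access the school's entire computer network and obtain all the quiz answers. The listener used his technical skills to help the teacher with problems using EBS and gained full access to the school's computer network. He then found that the quiz answers in EBS were stored in unencrypted text files and used this to obtain all the quiz answers, helping himself and his classmates get high marks. The incident reflects the inadequacy of the school's computer system security measures and the teacher's lack of information security knowledge.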

Deep Dive

Key Insights

How did the caller in Australia manage to get free internet for three years?

The caller discovered that a major Australian internet provider ships modems with default SSIDs and passwords. The default password is always an 8-digit number. By capturing a Wi-Fi handshake through sniffing or a deauth attack, converting it to a format readable by Hashcat, and using the program to brute-force the password, the caller could access free internet anywhere in Australia.

What is the significance of the default password structure used by the Australian internet provider?

The default password structure is significant because it is always an 8-digit number, with no letters (upper or lower case) or symbols. This simplicity makes it easier to brute-force using tools like Hashcat, which can process millions of password combinations in minutes.

What was the Canadian caller's method for exploiting a grocery store's loyalty points system?

The Canadian caller exploited a grocery store's loyalty points system by submitting multiple online complaints for missing points, which equated to $10 increments. Initially, the system lacked a CAPTCHA, allowing the caller to spam claims overnight. Later, the system changed to auto-approve claims under $10 if the account had spent $10. The caller then created multiple accounts and linked them to cycle the $10 claims, effectively creating an unlimited money glitch.

How much money did the Canadian caller accumulate through the loyalty points exploit?

The Canadian caller accumulated just under $10,000 Canadian in one year by exploiting the loyalty points system, completing 996 transactions in the process.

What security flaw did the caller discover in the PeopleSpy app?

The caller discovered that the PeopleSpy app stored metadata, including social security numbers, in plain text files on the device. This allowed anyone with access to the device to view sensitive personal information without any encryption or protection.

What did the high school student exploit in the EBS program at his school?

The high school student exploited the EBS program by gaining access to the teacher's login credentials, which provided unrestricted access to the school's computer network. He discovered that all quiz questions and answers were stored in unencrypted text files, allowing him to download the software and access all the answers, which he then shared with his classmates.

Chapters
An Australian caller shares a method of obtaining free internet by exploiting default credentials on a popular internet provider's modems. They describe using a deauth attack and Hashcat to crack the default passwords.
  • Exploiting default modem credentials for free internet access in Australia
  • Using deauth attack and Hashcat to crack default passwords
  • Prevalence of vulnerable modems from a major Australian ISP

Shownotes

Let's get festive with it. Calls concerning grocery point systems, Australian internet providers, and so much more. Want to share your story? Check out hotlinehacked.com.

Hotline Hacked is brought to you by DeleteMe. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners: Today get 20% off your DeleteMe plan when you go to joindeleteme.com/HACKED and use promo code **HACKED** at checkout.
