Reply to post: Quite a faff...

Take a pinch of autofill, mix in HTTP, and bake on a Wi-Fi admin page: Quirky way to swipe a victim's router password

Joe W Silver badge

Quite a faff...

... and not that probable to work (or maybe I am missing the point [1]?). Most home-used routers (should!) require authitification via WPA2 or somesuch, which is not handled by the browser.

It would work in hotels, where you get some printed out key to connect to the hotel's wifi through an http website, true, and if the hotel is configured that way, you could then use up a person's data allowance - if there is one. However, I had some cases where the key is linked to the device's MAC, which can of course also be spoofed (did that once or twice, first connected the phone, then tried with the laptop, had to cahnge the MAC to connect...).

What you could get this way is a person's password for their router. Which is of limited help, because the router sits on a wifi network that is (ok, should be...) secured by other means (WPA2...). Unless, of course, you rebuild the complete router admin website and then ask the user to fill in their broadband access code in there. This would require to know which kind of device the target has (some routers advertise it in the SSID, and you could also find out the manufacturer from the MAC). Quite a faff, indeed....

[1] we are missing a caffeinated-beverage-icon, so I chose a beer instead...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021