Surprising Wireless Public Access

This afternoon, after a somewhat disorienting morning, I went to the local Starbucks on Pearl Street for a cup of coffee and a chance to do some homework for my Economics Class, and noticed that my TiBook had found a computer-to-computer network. I connected, knowing it was from another laptop in the café. I was right, and it was weird to be seeing the “My Pictures” folder from another system…

Since it connected via smb: I assume that it was actually a Windows-based laptop, not another Macintosh, but then again, the folder named “My Pictures” seems very Mac to me too. At first I figured that seeing the wireless network and being able to connect were two different things, and that I’d never be able to actually see anything on the other system. I was wrong.

I connected as ‘guest’ with password ‘guest’, and, to my surprise, I was presented with a “Sharing Folder” and a “My Pictures” as the two possible mount points. The former had their résumé, but the latter, well, that was most interesting and disturbing at the same time.

This person had about ten different folders in their picture directory, including one called “Elvis”, with, I think, about 120 pictures. I thought “Elvis? A fanatic? Sightings for The National Enquirer?” so I took a look, just to find that they were pictures of a cat: Elvis, presumably, is their cat.

Additional folders were labeled “Family”, “Trips”, “Demos” and more…

What’s disturbing is that the person whose computer I was exploring had no idea I was even connected to them. If I were so inclined, I could easily have copied their résumé, grabbed copies of their family pictures, and built up a pretty decent social engineering attack against that person. Certainly enough to approach them with some semblance of being a known individual. “Mr. Richards. Sorry to barge in, but I’m with the accounting department at (name of last place of employment). I recall from your file that you live on (street name) here in (city), but we need your social security number. I can call you tomorrow if you’d like, but if you wouldn’t mind sharing it with me now, since we happen to be here at Starbucks together, I’ll be able to process a 401k disbursement check first thing and get it out to you.”

How many people searching for a job (or otherwise) would be suspicious of that?

The moral of the story: shut off public access to your laptop!!
