So today I am flying to Atlanta on a Delta flight. I had lots to catchup on so I sat working away on PowerPoints and Demos for sessions I have coming up and all was well. Once I competed that I opened up my phone and it displayed a two Wifi networks on the plane, the one we all know is “GoGoInFlight” the other was interesting called “GoFlex“. Now the only time I have seen this Wifi network before is when using an out of the box setup of the “GoFlex” devices from Seagate which broadcasts a Wifi network so you can connect to it. Surely no-one would bring an out of the box configured device like this on the plane?
So I wanted to see if would be able to connect to it, so I tried and to my surprise it connected which was “issue number 1“. Next I wanted to try browsing to the internet which should redirect me to the web console, “issue number 2” it worked. If you have not used one of these devices before you can see the web console below.
As you can see this a web interface designed for you to navigate the content and configure settings. So I click around for a bit and notice there are Videos and Images stored here and lots of them, which of course are personal and probably not meant to be visible to anyone on the plane who connects to the broadcasting Wifi network.
Though this may seem concerning, the main issue is that I was able to connect to it with no security prompt at all, when you can set a password for all connections to ensure only you as the owner can connect (was tempted to enable this and set the password, but I was being good today).
As well as this I was also to rename the Wifi network with no security at all.
To prove it worked I reset it to this above name and then checked that my phone could see it (Don’t worry I set it back afterwards).
So what’s the moral of the story?
Spend more time reading about how to secure those “easy to configure” devices so the world does have access to getting ALL your content. I will leave it to your imagination what could have been on there. There was a Documents folder that could have been a backup for sensitive data, which I would have had access too.
So who’s was this anyway?
Let you guess…….Shall we say “the Pilot“? 🙂