Exclusive: hackers make chop suey of wireless security

According to underground culture, the staple diet of hackers is Jolt cola and Ramen noodles. But the food could be could be picked up for free after hackers discovered a gaping security hole in the network of noodle house Wagamama.

vnunet.com today received an email from an anonymous hacker who claimed to have gained access to the wireless network at the Wagamama branch on London's Lexington Street, just down the road from vnunet.com's centre of operations and its investigative news team base.

The hacker told us: "It wasn't that the wireless security was weak. It was crap. There was no security at all."

"Me and good old time OpenBeOS kernel hacker went down yesterday night to our 'favourite' restaurant to get a nice warm bowl of noodles," wrote the hacker.

"The thing striking us in the first place is that [Wagamama] changed all their remote terminals used to collect orders with nifty little Compaq iPaqs, and that, incredibly enough, all those iPaqs have a Lucent 802.11 wireless network card sticking out, and blinking profusely."

Whipping out a wirelessly equipped laptop the hackers sniffed around and found that the 802.11 network was publicly accessible.

"No wireless encryption protocol, no passwords, not the slightest difficulty to pick up the signal and start snooping packets," said the hacker. "In less than one minute we had enough information to access the network entirely, and start to have some fun."

The hackers then furnished us with a list of IP addresses corresponding to network objects on Wagamama's system.

"In few moments we basically found that xxx.xxx.x.x is their billing server, and it runs SCO OpenServer 5.0 (pretty easy to hack into, if you carry around a copy of NMAP or any other port-scanning software ...). I'm not going to tell you how, it's pretty easy to do it, but you can walk away with a full five-course Asian meal paying only for a bottle of coke, or a beer," he said.

Worryingly this indicates that the hackers gained access to financial records and billing systems which were left completely unprotected.

They also informed us that they had discovered a router which allowed access to other networks, possibly other branches in the Wagamama chain, as well as the company's mail server.

vnunet.com despatched senior reporter James Middleton to conduct an urgent investigation.

The manager on duty in the Lexington Street branch said that he had no idea of the lack of security.

"I was not aware of this problem," he explained. "But it is terrible. Getting access to some things like the food orders is not so important, but if they could access the billing system that is a problem."

Paul O'Farrell, commercial manager of the company, said he wasn't aware of the problem as network management was outsourced to GEAC, which specialises in restaurant IT systems.

"The wireless network is a stand alone in each restaurant," he said. "They would only be able to get as far as the server in each branch. Although there is a router it only goes through to the network at GEAC, not other branches."

O'Farrell said that the migration to a wireless network and iPaq handhelds from a proprietary GEAC system was only recently undertaken, but that this discovery raised issues that "need to be addressed".

"It is possible a malicious or mischievous user could use this information to crash the server," he said. "But they couldn't really do any other damage."