IHOP WiFi Hijacking

[Mookieville]

You're router can't get a virus. But if you don't change the default password on your router then someone else can login to it and lock you out of it.

I run OSX 10.4 with Firefox. A week ago, while using the free internet at International House of Pancakes in Conyers GA, I was maliciously redirected to an internet games site while trying to navigate to a wikipedia page. This kind of thing continued until I cleared my cookies, after which I surfed without incident.

I thought it might be an infected router, but I chalked it up to some bad cookies and forgot about it until last night when I met a friend there to discuss some web updates he was working on. [we like to work in coffee shops and iHop stays open after Starbucks closes]

My friend uses Windows XP on an older PC laptop. When I happened to look over his shoulder I saw the same internet games site: candystand dot com. He's a shy guy, so he wasn't complaining about the issue, but I knew he was trying to do this job, not play games, so it all clicked. He too was being hijacked to the same URL. Each time he tried to navigate to any URL he was redirected to an unwanted URL.

I realized the router was causing this issue, so I recommended he clear his cookies. He did, but they immediately reappeared. So I figure this is some kind of an exploit that attacks Windows and Mac alike, but may be more persistent in Windows.

Today my friend is surfing at Starbucks without incident, so the issue seems to be contained in the Conyers GA iHop wifi network. The on-duty manager confirmed that they have had many customer complaints and that they are working to resolve the issue. The poor lady is just trying to keep her restaurant operating smoothly; she doesn't need this kind of distraction in her business.

 

[BugBytes]

What has most likely happened is that someone has hacked into their router and has placed a malicious redirect. You should not work on that network until that issue is resolved, because, even tough you may not care too much about the redirect, someone who as that amount of access to the router could also be logging your web activity and sniffing packets. You friend on Windows needs to have a virus scan done on his PC, and you should change the passwords on the websites you visited so you can be safe. Your PC friend should do the same. If you see something like that again, disconnect from the network and go somewhere else. You could recommend to the lady that once it is fixed that she places a password on her Wifi so it can't be easily accessed and all the customers who want to use the Wifi just could go up to the counter and ask for the password to connect.

Oh, and I forgot to say: Clean your cache and cookies as well.

 

[S.B.G]

Another thing you can do if you use free hotspots often, is to use a VPN. Hamachi is a good one and it encrypts your entire Internet connection so that if someone on the hotspot has hijacked the router, you can at least rest assured that no one is sniffing your packets, stealing your usernames and passwords to your websites you visit. Also, be sure that every website you visit where you enter a username and password, that it uses SSL which also encrypts the connection from your browser to the sites server.

 

[BugBytes]

However, it won't help much if you can't get to any other site besides the ones you're being redirected to. Unless you're desperate of course. Good point SandboxGeneral.