GoFlex on a Plane

So today I am flying to Atlanta on a Delta flight. I had lots to catchup on so I sat working away on PowerPoints and Demos for sessions I have coming up and all was well. Once I competed that I opened up my phone and it displayed a two Wifi networks on the plane, the one we all know is “GoGoInFlight” the other was interesting called “GoFlex“. Now the only time I have seen this Wifi network before is when using an out of the box setup of the “GoFlex” devices from Seagate which broadcasts a Wifi network so you can connect to it. Surely no-one would bring an out of the box configured device like this on the plane?

So I wanted to see if would be able to connect to it, so I tried and to my surprise it connected which was “issue number 1“. Next I wanted to try browsing to the internet which should redirect me to the web console, “issue number 2” it worked. If you have not used one of these devices before you can see the web console below.

Web Console

As you can see this a web interface designed for you to navigate the content and configure settings. So I click around for a bit and notice there are Videos and Images stored here and lots of them, which of course are personal and probably not meant to be visible to anyone on the plane who connects to the broadcasting Wifi network.

Videos

Videos

Though this may seem concerning, the main issue is that I was able to connect to it with no security prompt at all, when you can set a password for all connections to ensure only you as the owner can connect (was tempted to enable this and set the password, but I was being good today).

Password

As well as this I was also to rename the Wifi network with no security at all.

Wifi

New Wifi

Wifi Saved

To prove it worked I reset it to this above name and then checked that my phone could see it (Don’t worry I set it back afterwards).

Phone

So what’s the moral of the story?
Spend more time reading about how to secure those “easy to configure” devices so the world does have access to getting ALL your content. I will leave it to your imagination what could have been on there. There was a Documents folder that could have been a backup for sensitive data, which I would have had access too.

So who’s was this anyway?
Let you guess…….Shall we say “the Pilot“? 🙂

Pilot

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.

You may also like...