Let's Ginger-Fi it!

A blog about my adventures in Wi-Fi

blackhole SSID/hitron bug mystery

While visiting my sister and brother-in-law, I did what any normal wi-fi person does and opened an app to check out the airspace 😊. My brother-in-law has always had creative names for his personal and guest networks, but this time I noticed a new SSID called blackhole. He had also been having some issues with his new eero mesh system recently, so I thought maybe he was doing some testing with a different SSID. I asked him what it was for, and he had no idea what I was talking about. It was showing at -43 so I knew it was definitely not a neighbor. I traced it to behind his TV console in the next room and he said “or that’s just the Cable provider modem. I don’t use that for wireless”. It was definitely the source, so I asked if I could unplug it to show him it was broadcasting. As soon as it was powered off, the mysterious SSID disappeared. So, we powered it back up, logged in and started looking at the settings. On top of the “blackhole” SSID there were some other settings that were not right. He confirmed that he had been in the GUI before (but not for almost a year) and he didn’t remember these things being enabled. I had checked out his wireless network a few months earlier and the SSID hadn’t been there at that time. We cleaned everything up and he changed his passwords.

I got nosey and googled the blackhole SSID, and there were a few reddit threads of people noticing this on their home networks. These people were in all different parts of North America too. One thing that stood out was that the devices were all modems provided by their ISP. Someone had started to ask what model and they were all Hitrons. Including my brother-in-law’s. I googled the Hitron modem he had been provided to see if there had been any vulnerabilities and boy were there. So many sites listing the security vulnerabilities and even some giving away the code to run against them.

I got even nosier and opened wiggle.net to see if “blackhole” popped up anywhere. It did! All over North America but in mostly contained little clusters. Like the device could hear a neighbor’s device and then made its way there. Or more likely the neighbors have the same ISP modems that were also vulnerable…or I’m just making connections where there are none 😊 who knows.

It was a fun little hunt though.
