Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Accidentally Provides Free Wi-Fi To All

Posted by kdawson on from the no-longer-obscure dept.

SecureThroughObscure writes tells us about a hack broken by MacOSRumors: you can get free Wi-Fi at Starbucks, Barnes & Noble, and other AT&T hotspots if you know how to set your browser's user agent string (trivial on Safari), and know a valid iPhone phone number. ZDNet blogger Nate McFeters gives some more details and links. This can't last.

5 of 249 comments (clear)

  1. Security by stupidity. by LostCluster · · Score: 2, Insightful

    This actually had some chance of working before it was revealed on /. Afterall, you don't usually publish your iPhone number to strangers, and if they ever caught the same user agent showing upo at two hotspots it'd be trivial to shut them both down. Not the best security idea... but it got the system up until they had to come up with better.

  2. SuddenOutbreakOfMoralSense by AKAImBatman · · Score: 5, Insightful

    Maybe it's just me, but am I the only one who's sitting here thinking that using this hack is tantamount to stealing service? Hacks for stealing cable service have existed for decades now, and were very much illegal. And why shouldn't they be? Not everything has to be hacker proof. Sometimes it's just about putting a lock on the door and saying, "This doesn't belong to you."

    To use a typical Slashdot analogy, the lock on my front door is pretty flimsy and could probably be picked or forced without much effort. Is that an invitation to walk into my house and use my computer?

    This also differs from open WiFi points in that open WiFi points have no security. It's difficult for a passerby to tell the difference between an intentionally shared access point and an access point that has accidentally been misconfigured.

    Which reminds me, WiFi security is not all that hard to crack. Does that give people a free license to crack their neighbor's WiFi and begin using it without permission?

    --
    Javascript + Nintendo DSi = DSiCade
    1. Re:SuddenOutbreakOfMoralSense by Hatta · · Score: 2, Insightful

      I sort of agree. I'm 100% in favor of letting people borrow open wifi. If it's wide open, the server is giving you permission to use it when you get an IP. But if you have to trick it into giving you an IP, that's not so ok.

      But still, having thousands of slashdotters flood their network for a few days seems like the appropriate consequence for AT&Ts negligence. Maybe they won't make the same mistake in the future.

      --
      Give me Classic Slashdot or give me death!
  3. Re:Theft by mr_matticus · · Score: 2, Insightful

    It's a violation of the law in all jurisdictions, and finding a jury is a cakewalk. The only person that needs luck is a defendant in finding an attorney who can get him out of it.

    "Theft of service" is its own special category. Chances are that AT&T will just fix it to something a little more robust than a user agent string and won't bother to sue anyone about it, unless they just feel like being dicks this month.

  4. Re:Theft by mr_matticus · · Score: 2, Insightful

    the point the OP was making is that it is a rarely prosecuted crime No, it's not.

    It happens all the time. We're not talking about wardriving or hopping on unsecured wifi. This is bypassing (however easily) access restrictions on a paid service. Also, skipping on restaurant bills, gaming the phone system, and splicing into cable systems are all also theft of service.

    Jaywalking, further, in most places is not a crime. It's a citation.