AT&T Accidentally Provides Free Wi-Fi To All

SecureThroughObscure writes tells us about a hack broken by MacOSRumors: you can get free Wi-Fi at Starbucks, Barnes & Noble, and other AT&T hotspots if you know how to set your browser's user agent string (trivial on Safari), and know a valid iPhone phone number. ZDNet blogger Nate McFeters gives some more details and links. This can't last.

Security by stupidity.

This actually had some chance of working before it was revealed on /. Afterall, you don't usually publish your iPhone number to strangers, and if they ever caught the same user agent showing upo at two hotspots it'd be trivial to shut them both down. Not the best security idea... but it got the system up until they had to come up with better.

It might last...

Even if every /.'er did this, it still would be a drop in a bucket compared to the number of folks who happily pay the fee.

For example, many pay wifi points can be circumvented just by connecting to a VPN over UDP (since they're only filtering TCP requests). I doubt they're going broke due to that issue though..

Re:It might last...

Here you go [openvpn.org]

Re:

Alternatively (for those who don't want to download an extra program):

• - Go to about:config in Firefox
• - Right click/command click in the list and chose New > String
• - For the preference name use "general.useragent.override"
• - Use any value you wish,

Staying Power

A surefire way to ensure that this hack lasts as long as possible is to keep it super-secret and not let AT&T know they screwed up.

But I'm sure posting the story to slashdot is fine. Nobody reads this site, after all...

Re:

If AT&T techies actually read slashdot then they would be smart enough to setup the system with more than just a browser user agent tag and a phone number.

how many systems have been setup that way and then suddenly laughed at?

The other option is why bo

I don't think that's what you meant

Accidentally providing free wi-fi to everyone... IF they use this hack to work around... That's not providing ANYTHING. It's not having proper security in place.

SuddenOutbreakOfMoralSense

Maybe it's just me, but am I the only one who's sitting here thinking that using this hack is tantamount to stealing service? Hacks for stealing cable service have existed for decades now, and were very much illegal. And why shouldn't they be? Not everything has to be hacker proof. Sometimes it's just about putting a lock on the door and saying, "This doesn't belong to you."

To use a typical Slashdot analogy, the lock on my front door is pretty flimsy and could probably be picked or forced without much effort. Is that an invitation to walk into my house and use my computer?

This also differs from open WiFi points in that open WiFi points have no security. It's difficult for a passerby to tell the difference between an intentionally shared access point and an access point that has accidentally been misconfigured.

Which reminds me, WiFi security is not all that hard to crack. Does that give people a free license to crack their neighbor's WiFi and begin using it without permission?

Re:

It's a violation of the law in all jurisdictions, and finding a jury is a cakewalk. The only person that needs luck is a defendant in finding an attorney who can get him out of it.

"Theft of service" is its own special category. Chances are that AT&T

Re:

the point the OP was making is that it is a rarely prosecuted crime

No, it's not.

It happens all the time. We're not talking about wardriving or hopping on unsecured wifi. This is bypassing (however easily) access restrictions on a paid service. Also, skipping on restaurant bills, gaming the phone system, and splicing i

Re:

I sort of agree. I'm 100% in favor of letting people borrow open wifi. If it's wide open, the server is giving you permission to use it when you get an IP. But if you have to trick it into giving you an IP, that's not so ok.

But still, having thousands o

AT&T Intentionally provides free WiFi to all.

1 - Put your coffee money in a Starbucks Card.

2 - Take your laptop to Starbucks for a coffee.

3 - Profit!

Re:

4 - Drink bad coffee!

Free

Frankly, Starbucks should provide WiFi free. It's a great tool for them. Many small shops are doing it and I'd go to one of them before Starbuck's, obviously.

Re:

Starbucks should also start charging 1/3 of what they do for their coffee. I don't think either is hurting them much, though.

Also, in my opinion, Starbucks should just go to hell. Aside from the fact that I think coffee is disgusting, my generalization

Re:

Maybe they should, but that's their choice, not yours. It's their business decision.

In general, companies are afraid of wifi (and legitimately so, I believe) because it causes people to sit around, NOT consuming things. Sure I might go buy a drink at s

...and a valid iPhone phone number?!

Are you kidding me?! I'm not quite creative enough to know exactly what to do with it, but a phone number is like part of a person's identity. Using that as a form of identity in this instance can't be good.

... always been free wifi ...

Maybe its different (okay, it IS different) ... but it is very very very rare to see a café up here in canada that doesn't have free wifi. They limit the bandwidth per connection, and (attempt to) block non http / https requests, but I *never* p

Re:

Maybe its different (okay, it IS different) ... but it is very very very rare to see a café up here in canada that doesn't have free wifi. They limit the bandwidth per connection, and (attempt to) block non http / https requests, but I *never* p

what's next

Next you're gonna be telling us how to get free wifi from all those "Linksys" hotspots, aren't you?

Re:

Hey! That's the name of mine at home! Well..the one on the DMZ that redirects all http traffic through a proxy that does interesting things with images, anyway.

How does Starbucks get away with charging?

Here in Minneapolis we have two other chains competing with Starbucks, Dunn Bros. and Caribou, both starting out locally. Both of the competitors offer free Wifi. Caribou's is limited to an hour, but you can circumvent that pretty easily. I don't freque

The real wtf...

The real wtf is that the iPhone's number is in the user agent string. How long till that is used to justify an "existing business relationship"?

WIFI is becoming free, anyway

I have a friend who owns a small restaurant, selling smoothies and sandwiches. He has internet access from the back office, and uses it to communicate with vendors.

He doubled his breakfast and lunch business over the last few months by putting up a wireless router and giving away wifi access. The sign says "with any purchase" but there is no easy way to implement that, so he just leaves it unsecured. Most people buy something anyway.

It costs him almost nothing, and helps to sell food by making the location more welcoming to his customers. It won't take very long for other small food and beverage businesses to catch on.

It's kind of like "air conditioned" businesses used to be. Fifty years ago, air conditioning was unusual. But customers liked it, so the businesses that had it got the customers. Now, every business has it. The only real difference is that wifi is a lot cheaper to provide.

Outrageous!

Apple should demand that iPhone users not give their phone number to other people because they might abuse this!

Errrr...