Thread: AT&T Disables Free iPhone Wi-Fi
View Single Post
  #4 (permalink)  
Old 05-05-2008, 09:27 PM
Todd Allcock
Guest
  
Posts: n/a
Default Re: AT&T Disables Free iPhone Wi-Fi

"SMS" <scharf.steven@geemail.com> wrote in message
news:c3zTj.1461$To6.1457@newssvr21.news.prodigy.ne t...
> 4phun wrote:
>> AT&T Disables Free iPhone Wi-Fi
>>
>> Too many turds who did not have iPhones tried to use free WiFi with
>> simple hack.
>> Read more here: http://blogs.zdnet.com/security/?p=1067
>
> It doesn't make sense what AT&T did, since basing free access on the user
> agent data would also allow all the non-AT&T iphones to use the free
> network. All they need to do is to create accounts for each iPhone
> customer to use their Wi-Fi network.

That seemed to be their intent, but they just half-assed it. A legit AT&T
iPhone phone number was also required (besides the user-agent) as a login.
Of course, that allowed anyone who knew anyone's iPhone number to get access
after editing their laptop or smartphone's UA.

As you said, creating actual accounts for each user would be smarter way to
do it (like T-Mo does for their "free Hotspots" access for T-Mo data
customers- you just use the phone number as a login name plus a password to
gain access- the default is the customer's last 4 of the SSN, but they can
change it at first login.) Of course, this would still allow "abuse" by the
iPhone owners themselves- they could still get their laptops on line by
editing the UA, but they'd probably be less likely to give an account
password to friends and acquaintances, so the "abuse" would be essentially
limited to the same people AT&T wanted to give the perq to in the first
place. (This isn't a problem for T-Mo, since they allow their phone data
customers to use the Hotspots for their laptops and other equipment, as
well, albeit with only one device at a time- multiple simultaneous logins
aren't allowed.)

Is it just me, or is access to the AT&T Hotspot network just not that
precious a commodity to believe it was suddenly overrun with "UA hackers" to
the point that AT&T felt they had to stop access altogether, rather than
just put up with it for a few days while they instituted a smarter login
policy? As a T-Mo customer for over six years (without the necessary level
of internet plan to get free Hotspot access) I've been bombarded with bill
stuffers giving me free trial days, weekends, weeks, etc. of T-Mo Hotspot
access, and I've never used them, just because I didn't find myself at a
Hotspot during the promo periods. (I don't do Starbucks very often- only
when dragged their by someone else. I'm more of a "cuppa Joe" guy myself.)

I knew about the UA hack (I have it "REM-med" in my registry for quick
switching on my WinMo phone to check out "iPhone-only" sites,) and a friend
of mine has an iPhone so I have his number. Despite being armed with this
dangerous info, I didn't feel compelled to race to a Starbucks just to cheat
AT&T out of 30 minutes of Hotspot access!





Reply With Quote