
A Map of Wireless Passwords from Airports and Lounges - tzury
https://foxnomad.com/2016/04/26/map-wireless-passwords-airports-lounges-around-world-updated-regularly/
======
sbr464
I needed to connect an Apple TV to a blocked wifi at a hotel, Just sharing,
here are the instructions using a macbook to get past hotspot auth, since
there isn't a browser on an Apple TV

1\. Disconnect from ap by option+click status bar wifi icon

2\. Write down your current wifi mac address

    
    
      ifconfig en0 | grep ether
    

3\. Switch macbook to Apple TV mac address

    
    
      sudo ifconfig en0 ether [apple tv mac address]
    

4\. Connect to wifi, authenticate, then disconnect from ap with option+click
again

5\. Switch back to original mac address

    
    
      sudo ifconfig en0 ether [original macbook mac address]
    

6\. Connect apple tv to wifi ap normally

~~~
rossboss
Thank You! I have been trying to figure this out to connect to xfinity
hotspots

~~~
sbr464
Cheers. It was a ceremony before of hacks/ethernet before. This just works and
no extra gear.

------
paublyrne
I'm not sure this is a good thing to do, but airports that don't have free
open wifi annoy me. It's so useful to have internet access when you arrive in
a foreign country, for figuring out how to get into the city, or to
communicate with a hotel etc, and sometimes its unfeasible to use your own sim
abroad. It just seems a petty thing for airports to do, to try and make a few
dollars or euros or pounds that way.

~~~
realusername
I also hate people who put an open wifi requiring an SMS token in an
Airport... You know, the only place where you have a good chance of your SIM
Card not working for being abroad...

~~~
1024core
Exactly! I'm looking at you, Delhi Airport! The f'n morons advertise "free
wifi! free wifi!!" everywhere, but when you actually want to use it, they
demand a phone number to send an SMS message. Are the people in charge there
really _that_ clueless??

~~~
blntechie
Knowing India, it's probably Government mandated for what they call 'security
reasons'. It's hard to get free WiFi or internet without providing a phone
number in India.

~~~
pandler
Yeah sounds pretty typical of India in my experience. Can’t get WiFi unless
you have a sim

------
peteretep
Almost every item I see on here is using private WiFi connections intended for
paying or premium customers, and precisely zero ones that are intended to be
free.

This would seem to constitute "piggybacking", which is of questionable
legality in many places:

[https://en.wikipedia.org/wiki/Legality_of_piggybacking](https://en.wikipedia.org/wiki/Legality_of_piggybacking)

Given the dubious legality, seems odd to see this on HN.

~~~
cpa
No you got it wrong, WiFi is controlled by greedy monopolies and he’s just
being disruptive ;)

~~~
camillomiller
This answer, with the due edits, would describe Uber and AirBnB pretty well,
too. ;)

------
dsr_
The author claims to be a computer security engineer, yet is deliberately
setting up a tool to defeat security -- not an abstract tool, useful in
surveying and thus improving your own security and incidentally capable of
being used for mischief, but nothing more than a list of identifiers and
passwords. The only indicator you can gain from this is that someone betrayed
your trust.

If this profession had a board of ethics, this is the sort of thing that it
would take action against.

If people want you to use their networks, they will offer you access via any
one of several convenient mechanisms, including

not using encryption

putting a sign on the wall with a password

handing you a card with credentials

telling you a password

~~~
sjwright
A password that has already been handed out to thousands or tens of thousands
of customers isn't "security".

~~~
7952
In the physical world social convention is used all the time instead of real
security.

If my boss needs some peace and quiet he closes his door. It is not locked,
but people know not to enter. If it is open I can walk in and have a chat.

A WIFI password is a social convention asking you to not share. Everyone knows
that it is not secure. But it is much easier than having a captive portal
login system. By respecting the social convention we make life easier for
everyone. Respecting a social convention is far less onerous than over zealous
security mechanisms that annoy the customer.

~~~
kvartz
Door is closed but not locked. In terms of security it is more of theater,
than actual security

~~~
nvr219
he literally said instead of real security

------
ape4
Sharing a wi-fi password with the world is a bit like sharing a party
invitation with the world.

To use this you have to stand outside a restaurant / lounge and hope to
acquire the weak signal (and hope the password hasn't changed). Why not just
buy a coffee and you get to sit down and a have better signal.

~~~
always_good
Pretty much a case of "this is why we can't have nice things."

Everything becomes a bit more inconvenient for everyone if every establishment
has to protect against this kind of thing.

------
Uberphallus
This is already done here [0] and it's not limited to airports or lounges.

[0]
[https://play.google.com/store/apps/details?id=com.instabridg...](https://play.google.com/store/apps/details?id=com.instabridge.android&hl=en)

~~~
vzaliva
I am using Instabridge for a few years and it is really great! I wish more
people knew about it and use it.

------
j7ake
Is it possible to set up a trap where someone who inputs a leaked password
will be automatically blocked or put on a naughty list?

If you owned a coffeeshop, you would want your Wi-Fi users to be for customers
only.

~~~
Rjevski
If you wanted your Wi-Fi to be for customers only then you'd use WPA2
Enterprise with unique per-user passwords, or at least change the _static_
password every day.

~~~
blowski
You might _want_ your WiFi to be for customers only, but not have any idea how
or enough money to enforce it.

~~~
JetSpiegel
I might want a pet unicorn too, then what?

Changing the password everyday is an acceptable compromise.

~~~
baud147258
The password was changing everyday where I worked, with the daily password
available on an intranet page, but then a few months ago a bunch of higher-ups
were present in the office for a few days and wanted Wi-Fi access without
having to type a new password each day, so the password rotation has been
deactivated since

~~~
Rjevski
Well they chose convenience over security, which in this case is fair enough
(it's _public_ Wi-Fi to being with).

Another solution would've been to implement WPA2 Enterprise, where employees
could have their own, permanent credentials while visitors get temporary ones.

~~~
baud147258
Also I don't think you can access anything in the intranet on that Wi-Fi, it's
entirely public, as you said.

------
dfcowell
Sites and tools like this simply encourage lounge operators, vendors and
airports to add captive portals or SMS verification and make getting access to
wifi harder.

~~~
izacus
Why? Why would an airport make connecting to the free WiFi they offer harder?

~~~
peteretep
The WiFi isn't offered by the airports, it's offered by private lounges and
restaurants, who offer it as a perk to their paying customers.

~~~
danilocesar
Well, in europe most airports have free wifi with no restrictions. They are
usually offered by the Airport administration company.

In my home country, almost all airports administration companies offers time-
restricted-but-free-wifi too.

~~~
SmellyGeekBoy
I've travelled all over Europe and Asia and I don't think I've ever come
across an airport without at least half decent, free, open wifi. Is this
predominantly a US thing?

~~~
zerkten
Yes. It's not limited to airports.

There are many reason why a hotspot provider in the US wouldn't want the
liability of anyone other than a know user accessing their service. These
issues are probably more limited elsewhere in the world, although it's
probably the case that they are just lagging in coming up with better security
practices/policy. Some home internet providers in the US like Comcast have a
public WiFi service, but you have to authenticate to use it.

------
verrecken
I think its Computer crime in germany if you login to a locked wifi for what
you did not get password from the owner.

~~~
stadeschuldt
Could you link the § you are referring to? I don't think this qualifies for §
303b StGB. (IANAL)

------
tempodox
How legal is this? If those places wanted to have open WiFi, they wouldn't
have passwords in the first place. Or, at the very least, just write them on
the wall. A detour via that app looks rather dubious.

------
nimbius
"email me" is such an aggravating model. Can this be uploaded to gitlab?

I feel like this doesnt need an app. just give me a list of tuples and I can
script a grep for the AP im looking for.

~~~
clapsclaps
+1

This looks to me as the best use of having a public git wit info out there.

------
dustinmoris
To everyone who says that this is dodgy or immoral:

It is not. The majority of the world doesn't function anymore without WiFi,
which makes it more of a human necessity than a convenience to pay for. Not
offering free WiFi is like not offering passengers free toilets at an airport.
Unless you want everyone to piss in a corner you must offer a toilet,
especially when you also require passengers to arrive at least two hours prior
departure.

In India I wasn't allowed to enter airports without showing them my boarding
ticket at the entrance. However I didn't have a boarding ticket because I
needed to go to the counter inside, which I wasn't allowed (standard in
India). So they demand from tourists to log in their email and show the
booking confirmation but don't give you free WiFi. Fuck this shit!

Going to the taxi stand and they ask me for my reservation number. Same story
again, no WiFi no luck.

In some countries there is no taxis or taxis are widely considered extremely
dangerous (Johannesburg, etc.) and you MUST use Uber. How are you going to do
it without WiFi?

Long story short, don't fucking build your entire infrastructure reliant on
the internet and then don't give your customers an opportunity to connect to
the internet.

WiFi is a necessity, it should be free of charge everywhere.

------
jarofgreen
Any comments on the tech behind this?

(I've done a few projects crowd sourcing and distributing information like
this and I'm currently thinking about some tools in this space, hence my
curiosity.)

~~~
Freeboots
Its just a google map, I dont believe its dynamically updated from users, and
doing that would be trivial anyway.

~~~
jarofgreen
In most cases the tech tends to be trivial, sure. How you check accuracy of
incoming information, make sure it's kept up to date in the future, and
present it to people tends to throw up lots of very interesting usability
problems.

------
batiudrami
Is there an android solution to automate registering and accepting T&Cs for
free wifi? The log in process and unreliable connection make them barely worth
using.

~~~
akerro
I've seen an app for this in FDroid.

~~~
sexydefinesher
What's the name of it?

~~~
voltagex_
[https://f-droid.org/en/packages/com.juliansparber.captivepor...](https://f-droid.org/en/packages/com.juliansparber.captiveportallogin/)

"It works by simply replacing the action URL from the login form on the web
page to a local HTTP server which redirects the request to the original
destination. The local HTTP server saves the request, so the app can reproduce
the same call next time you connect to the same WiFi network."

Uhh... Time to move to iOS, I think.

~~~
icebraining
Why would you move to iOS over that?

~~~
voltagex_
Without a rooted phone, there's no better way to "fix" Android's captive
portal code, or to automate it.

~~~
icebraining
How would root or iOS help you? The problem is that each captive portal is
different, so you need the user to "teach" it once. Seems a reasonable
approach to me.

~~~
voltagex_
Root would allow packet capture without the VPN framework that may not work
before there's a network "up" (I should try tShark).

I guess I'm just a bit exasperated about how the lesser-used parts of Android
have far less attention to detail (there's no reason this couldn't be a built
in feature)

~~~
icebraining
Why would you do this with packet capture? You'd have to install a root cert
and MITM connections, it'd be much more messy and dangerous.

~~~
voltagex_
I haven't seen a portal with SSL (correctly) configured - are there any that
_don 't_ work by capturing DNS/HTTP and redirecting to a login page?

You're already essentially doing MITM by redirecting form actions.

~~~
icebraining
_I haven 't seen a portal with SSL (correctly) configured - are there any that
don't work by capturing DNS/HTTP and redirecting to a login page?_

The ones I've used recently all capture DNS/HTTP, but use it to redirect to an
HTTPS page with the actual form - which you'd have to MITM.

 _You 're already essentially doing MITM by redirecting form actions._

Yes, but inside a single webview, not system-wide!

------
ChrisArchitect
why would this be necessary in airports where, yes, maybe the Lounge has a
password, but the airport in general as public wifi. I'm sure the public wifi
is accessible inside the lounge.....

example Toronto Pearson

------
hasa
Any wifi other than yours, or your company's is huge security risk. I would
not trust a second for a service like this.

~~~
Asooka
Why would I trust my company's wi-fi?

~~~
SmellyGeekBoy
Or your own, for that matter?

