This year for Hallowe’en, [Scott] went out dressed as a Comcast xfinity hotspot. Funny, yes, but there’s a deeper meaning here. [Scott] really went as a walking PSA that illustrates the dangers of making assumptions about the relative safety of WiFi networks based solely on their broadcast names.
[Scott] could have gone chaotic evil with this setup, but he didn’t. No one could actually get on the Internet through him. Inside the “hotspot” are a Wi-Fi adapter and a Pi Zero running a captive portal. It broadcasts the default ‘XFINITY’ and ‘xfinitywifi’ SSIDs, plus a bunch of other common network names. Whenever anyone tries to connect, or worse, their phone automatically connects, they’ll hear a sad tuba cadence. This comes courtesy of a multi-sound effects box that’s controlled by the Pi through a relay board.
Meanwhile, the mark’s device is redirected to an internally-hosted “xfinity” login page. Anyone who actually goes on to enter their login credentials is treated to a classic horror film scream sample while the evil hotspot quietly stores their name and password and displays them on an e-ink display for all to see — a walking e-ink wall of sheep. Check out the demo after the break.
[Scott]’s evil hotspot is powered by a huge battery that can run it for 24 hours. Here’s a wind- and solar-powered WAP we covered several years ago.
Wow, that is so evil! The most scary costume this haloween by far!
Yes, people should be safe with passwords and other sensitive information. Yes, people should understand that auto-connecting to public access points is not safe.
But no, displaying a “wall of sheep” is not an effective way of teaching those lessons. Showing off other peoples’ sensitive information for the lol or for the lesson is a terrible idea; it’s less “you got pranked!” and more “hope you at least follow enough password safety practices to change this later before that one jerk friend in the group takes this to a much worse conclusion.”
Is he publicly displaying the passwords? Crimes are still crimes as part of a halloween costume, and faking the Xfinity page is illegal.
Rotating the video was harder then this project? *sigh*
I just assumed that was the “horror” part of the project.
Oh, the horror!
https://www.youtube.com/watch?v=Bt9zSfinwFA
:o)
RIP Glove and Boots. Victims of the Youtube algorithm changes.
I’m disappointed in hackaday for accepting the entire project. They should have done the right thing and embarrassed the person.
The point of the costume was to shame people for bad behaviour. The irony here is off the charts.
Any chance of adding a “skinny/sideways video” tag or warning for this site?
Hell, I don’t mind Instructables links
and PDFs aren’t a problem, once you’ve banished that resource hog “Adobe Acrobat” from your computer.
But skinny video just annoys the fuck out of me.
Why, you may ask?
Mostly because it puts the subject matter into a zone that’s about equivalent of a 320×240 image.
any link here ?
https://tech.slashdot.org/story/17/11/06/1954203/comcasts-xfinity-internet-service-is-down-across-the-us
update:
Meanwhile, Level 3 — a major ISP — told Mashable that a “configuration error” caused a 90 minute service disruption.
http://mashable.com/2017/11/06/internet-is-down/
Not to hard for this little black duck…
$ youtube-dl 'https://www.youtube.com/watch?v=Ad1AhI6i1Ns'$ ffmpeg -i For\ Halloween\ this\ year\,\ I\ was\ a\ Comcast\ hotspot-Ad1AhI6i1Ns.mkv -vf transpose=cclock -c:v libvpx -c:a copy -c:v libvpx -b:v 5M xfinityhack.webm
Now just give me a moment. I’ll be back with a link.
http://static.vk4msl.id.au/hackaday/2017/11/07-xfinityhack/xfinityhack.webm is that video turned around in the orientation it ought to have been filmed in.
Could the original author consider either running their original video through that command, or at their option, they may instead grab the version I have posted here.
Oh for crying out loud! That isn’t the sound of a tuba, it’s a trombone!