Evil Hotspot Costume Makes Valuable Connections

This year for Hallowe’en, [Scott] went out dressed as a Comcast xfinity hotspot. Funny, yes, but there’s a deeper meaning here. [Scott] really went as a walking PSA that illustrates the dangers of making assumptions about the relative safety of WiFi networks based solely on their broadcast names.

[Scott] could have gone chaotic evil with this setup, but he didn’t. No one could actually get on the Internet through him. Inside the “hotspot” are a Wi-Fi adapter and a Pi Zero running a captive portal. It broadcasts the default ‘XFINITY’ and ‘xfinitywifi’ SSIDs, plus a bunch of other common network names. Whenever anyone tries to connect, or worse, their phone automatically connects, they’ll hear a sad tuba cadence. This comes courtesy of a multi-sound effects box that’s controlled by the Pi through a relay board.

Meanwhile, the mark’s device is redirected to an internally-hosted “xfinity” login page. Anyone who actually goes on to enter their login credentials is treated to a classic horror film scream sample while the evil hotspot quietly stores their name and password and displays them on an e-ink display for all to see — a walking e-ink wall of sheep. Check out the demo after the break.

[Scott]’s evil hotspot is powered by a huge battery that can run it for 24 hours. Here’s a wind- and solar-powered WAP we covered several years ago.


14 thoughts on “Evil Hotspot Costume Makes Valuable Connections

  1. Yes, people should be safe with passwords and other sensitive information. Yes, people should understand that auto-connecting to public access points is not safe.

    But no, displaying a “wall of sheep” is not an effective way of teaching those lessons. Showing off other peoples’ sensitive information for the lol or for the lesson is a terrible idea; it’s less “you got pranked!” and more “hope you at least follow enough password safety practices to change this later before that one jerk friend in the group takes this to a much worse conclusion.”

    1. I’m disappointed in hackaday for accepting the entire project. They should have done the right thing and embarrassed the person.

      The point of the costume was to shame people for bad behaviour. The irony here is off the charts.

  2. Any chance of adding a “skinny/sideways video” tag or warning for this site?
    Hell, I don’t mind Instructables links
    and PDFs aren’t a problem, once you’ve banished that resource hog “Adobe Acrobat” from your computer.
    But skinny video just annoys the fuck out of me.
    Why, you may ask?
    Mostly because it puts the subject matter into a zone that’s about equivalent of a 320×240 image.

  3. Not to hard for this little black duck…

    $ youtube-dl 'https://www.youtube.com/watch?v=Ad1AhI6i1Ns'
    $ ffmpeg -i For\ Halloween\ this\ year\,\ I\ was\ a\ Comcast\ hotspot-Ad1AhI6i1Ns.mkv -vf transpose=cclock -c:v libvpx -c:a copy -c:v libvpx -b:v 5M xfinityhack.webm

    Now just give me a moment. I’ll be back with a link.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.