Date: 2017-11-06

This year for Hallowe’en, [Scott] went out dressed as a Comcast xfinity hotspot. Funny, yes, but there’s a deeper meaning here. [Scott] really went as a walking PSA that illustrates the dangers of making assumptions about the relative safety of WiFi networks based solely on their broadcast names.

[Scott] could have gone chaotic evil with this setup, but he didn’t. No one could actually get on the Internet through him. Inside the “hotspot” are a Wi-Fi adapter and a Pi Zero running a captive portal. It broadcasts the default ‘XFINITY’ and ‘xfinitywifi’ SSIDs, plus a bunch of other common network names. Whenever anyone tries to connect, or worse, their phone automatically connects, they’ll hear a sad tuba cadence. This comes courtesy of a multi-sound effects box that’s controlled by the Pi through a relay board.

Meanwhile, the mark’s device is redirected to an internally-hosted “xfinity” login page. Anyone who actually goes on to enter their login credentials is treated to a classic horror film scream sample while the evil hotspot quietly stores their name and password and displays them on an e-ink display for all to see — a walking e-ink wall of sheep. Check out the demo after the break.

[Scott]’s evil hotspot is powered by a huge battery that can run it for 24 hours. Here’s a wind- and solar-powered WAP we covered several years ago.
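
The automatic connections described above happen because a device that has saved an open network re-joins anything broadcasting the same name. As an added example (not part of the original article or of [Scott]'s build), this Python script audits saved NetworkManager Wi-Fi profiles for ones that would auto-join on SSID alone. It assumes a Linux client using NetworkManager's keyfile format with the modern `wifi` section names; the profiles embedded below are constructed samples.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format; real ones
# normally live in /etc/NetworkManager/system-connections/.
SAMPLES = {
    "xfinitywifi.nmconnection":
        "[connection]\nid=xfinitywifi\ntype=wifi\n[wifi]\nssid=xfinitywifi\n",
    "home.nmconnection":
        "[connection]\nid=home\ntype=wifi\n[wifi]\nssid=HomeNet\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "cafe.nmconnection":
        "[connection]\nid=cafe\ntype=wifi\nautoconnect=false\n"
        "[wifi]\nssid=CafeGuest\n",
}


def audit_profile(text):
    """Return (ssid, reason) if the profile auto-joins on name alone, else None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    # NetworkManager auto-connects unless autoconnect is explicitly false.
    if not cp.getboolean("connection", "autoconnect", fallback=True):
        return None
    # No key-mgmt means an open network; "owe" encrypts the link but does
    # not authenticate the access point, so the name is still the only check.
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="")
    if key_mgmt not in ("", "owe"):
        return None
    ssid = cp.get("wifi", "ssid", fallback="<unknown>")
    reason = "open network" if key_mgmt == "" else "OWE, unauthenticated"
    return ssid, reason


def audit(profiles):
    """Return sorted (file, ssid, reason) tuples for every risky profile."""
    findings = []
    for name, text in sorted(profiles.items()):
        hit = audit_profile(text)
        if hit:
            findings.append((name,) + hit)
    return findings


if __name__ == "__main__":
    for name, ssid, reason in audit(SAMPLES):
        print(f"{name}: auto-joins SSID {ssid!r} ({reason})")
```

For a flagged profile, `nmcli connection modify <id> connection.autoconnect no` stops the automatic join, and deleting the profile removes the remembered name entirely.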