My failed attempt to hack the AT&T free iPhone WiFi

You may remember that AT&T began offering free wifi for iPhone users earlier this year. Shortly thereafter they pulled the service. Why? Because someone discovered the security applied to the system was extremely weak: simply changing the User Agent of your browser to make it look like you were using an iPhone browser allowed you to gain free WiFi access on your laptop. This could easily be done using the Firefox User Agent Switcher extension, or by simply firing up Safari, enabling Developer mode (Safari->Preferences->Advanced->Show Develop menu), and selecting the iPhone User Agent (Develop->User Agent->Mobile Safari 1.1.3 - iPhone).

With the new service, you connect your iPhone to the wireless network, launch the browser, and get redirected to a page that displays a single field requesting you to enter your iPhone phone number. After submitting your phone number, you receive a (free) text message containing a URL. Loading this URL from your iPhone grants you free wifi access to the Internet.

When I tried the User Agent hack mentioned above from my laptop, I expected to at least get the box prompting me for my iPhone phone number. But to my surprise, all I got was a mobile-formatted page with options to purchase service.

So I suspected they were checking the MAC address of the computer connected to the router and checking if it looked like an iPhone MAC address. Luckily, spoofing the MAC address of my wifi card is easy on OS X:

sudo ifconfig en1 lladdr 00:21:E9:52:6A:E3

BAM! Now as far as the AT&T router can tell, my requests are coming from my iPhone. This time when I connected, I got the form asking me for my iPhone phone number. I submitted the number and a few seconds later received an SMS with a link.

I hoped that simply typing this URL in my laptop browser and visiting it would grant me free wifi access, but unfortunately it did not. Instead, it gave me an error saying that the page doesn't exist.

A commenter on the original LifeHacker post describing the User Agent hack left this comment about the new security features applied by AT&T:

AT&T has locked out non-iPhones by using an encrypted log on tied to each iPhone number. The key is transmitted to the iPhone over the AT&T cell network a minute before login.

By using the AT&T network to transmit the key, they have definitely made it more difficult to gain free access from your laptop. I'm sure it's still possible (perhaps by sniffing the wifi traffic between the iPhone and the router after a successful connection), but I'm not sure it's worth the time and effort.

I heard that an official AT&T tethering option for the iPhone will be coming soon, so that might make this a moot point (assuming they make it a free option). Still, it seems only fair that existing iPhone users should be able to access the free wifi via their laptops. Transmitting a password via SMS seems like a safe way to guarantee the person connecting to the wifi actually has an iPhone.
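
The design point from the paragraphs above, as an added example that is not from the original post and is not AT&T's implementation: the User Agent and MAC prefix can only choose which page is shown, while access depends on a single-use, expiring token texted to a subscriber number. The `Portal` class, its method names, the 300-second lifetime, the session binding and the 555 phone numbers used with it are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

IPHONE_OUIS = {"00:21:E9"}   # prefix of the MAC shown in this post; sample only
TOKEN_TTL = 300              # seconds a texted link stays valid (assumed)


class Portal:
    """Hypothetical captive-portal gate; not AT&T's implementation."""

    def __init__(self, subscribers):
        self.subscribers = set(subscribers)  # numbers eligible for free access
        self.pending = {}                    # token hash -> (session, expiry)
        self.sms_outbox = []                 # stands in for the cell network

    def looks_like_iphone(self, user_agent, mac):
        # Both values come from the client, so this can only choose which
        # page to display. It must never be the access decision itself.
        return "iPhone" in user_agent and mac.upper()[:8] in IPHONE_OUIS

    def request_link(self, session, phone):
        if phone not in self.subscribers:
            return False
        token = secrets.token_urlsafe(16)    # 128 bits, unguessable
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (session, time.time() + TOKEN_TTL)
        self.sms_outbox.append((phone, token))  # delivered out of band
        return True

    def redeem(self, session, token, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use: gone after one try
        if entry is None:
            return False
        bound_session, expiry = entry
        # Valid only before expiry and only for the session that asked for it.
        return now <= expiry and hmac.compare_digest(bound_session, session)
```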
