What makes you think he’s snooping or even giving free wifi?
I see two scenarios:
Bridge to airplane’s WiFi and maybe snoop on where people go
No bridge, just redirect everything to a static page on the Pi
The second is way easier, way funnier, and way more informative to others on the plane. I highly doubt he did #1 (would require additional hardware or hacking the chip’s driver), and most likely did #2, especially since #1 would validate people using random WiFi SSIDs. That just doesn’t match what I know about Woz.
I’m not sure I’d consider it messed up at all. Knowing WOZ he’s just MITM serving a prank website that also tells users to not connect to random WiFi like this. You kinda get what you deserve if you connect to unprotected WiFi that you don’t own/setup yourself.
You kinda get what you deserve if you connect to unprotected WiFi that you don’t own/setup yourself.
I’m not sure I agree with this line of thinking. Most people are clueless when it comes to security, that doesn’t mean it’s fine to spy on them or scam them and just say “well you connected to an unprotected network, so it’s your fault. You got what you deserved.”
On a place like Lemmy that’s generally tech literate, you’ll probably find no shortage of people thinking that.
But would they feel the same if a car mechanic scammed them by taking advantage of them not being knowledgeable about cars?
I think the analogy isn’t quite right because you’re not connecting to a WiFi network as a need, like you would need to pay an expert to fix your car. Those are different goals and motivations. It’s more of a common sense thing, such as how people shouldn’t leave valuables in plain sight in their cars when parking at a public location. Basic common sense should extend to tech and I don’t think it’s unreasonable to expect that in 2025. Which is why I think you get what you deserve if you do something like that.
I think the person you’re responding to is suggesting that the “honeypot” never routes you to the internet, it only routes you to some pages it has stored locally that tell you to not connect to random SSIDs.
That’s fun, informative, and harmless.
That said, the article only says this:
I’ll tune in the Raspberry Pi to the airplane’s network … and then I’ll have a little five-dollar Raspberry Pi Zero, I’ll have it put on a second Wi-Fi of its own and name the network ‘spanky’ with no password. Everyone on the plane can log in… eleven people connected. So I started using it as a honeypot.
He doesn’t say what it does, but making a transparent network that bridges to airplane WiFi and successfully does a MITM attack is a lot of work, but just spinning up a host that redirects everything to a local web server is easy.
I think the person you’re responding to is suggesting that the “honeypot” never routes you to the internet, it only routes you to some pages it has stored locally that tell you to not connect to random SSIDs.
That’s fun, informative, and harmless.
I know. That portion of their comment is fair enough. It’s the following statement that I took issue with.
If you’re connecting to random free Wi-Fi, you’re leaving yourself wide open to attacks.
A lot of security researchers play with penetration testing scenarios like this. It’s how you learn to defend against techniques that real attackers use.
I don’t agree with the term honeypot. Knowing him it’s to give free wifi but idk if he’s watching the traffic that’s a tad messed up
What makes you think he’s snooping or even giving free wifi?
I see two scenarios:
The second is way easier, way funnier, and way more informative to others on the plane. I highly doubt he did #1 (would require additional hardware or hacking the chip’s driver), and most likely did #2, especially since #1 would validate people using random WiFi SSIDs. That just doesn’t match what I know about Woz.
I’m not sure I’d consider it messed up at all. Knowing WOZ he’s just MITM serving a prank website that also tells users to not connect to random WiFi like this. You kinda get what you deserve if you connect to unprotected WiFi that you don’t own/setup yourself.
I’m not sure I agree with this line of thinking. Most people are clueless when it comes to security, that doesn’t mean it’s fine to spy on them or scam them and just say “well you connected to an unprotected network, so it’s your fault. You got what you deserved.”
On a place like Lemmy that’s generally tech literate, you’ll probably find no shortage of people thinking that.
But would they feel the same if a car mechanic scammed them by taking advantage of them not being knowledgeable about cars?
I think the analogy isn’t quite right because you’re not connecting to a WiFi network as a need, like you would need to pay an expert to fix your car. Those are different goals and motivations. It’s more of a common sense thing, such as how people shouldn’t leave valuables in plain sight in their cars when parking at a public location. Basic common sense should extend to tech and I don’t think it’s unreasonable to expect that in 2025. Which is why I think you get what you deserve if you do something like that.
You’re missing the point.
I think the person you’re responding to is suggesting that the “honeypot” never routes you to the internet, it only routes you to some pages it has stored locally that tell you to not connect to random SSIDs.
That’s fun, informative, and harmless.
That said, the article only says this:
He doesn’t say what it does, but making a transparent network that bridges to airplane WiFi and successfully does a MITM attack is a lot of work, but just spinning up a host that redirects everything to a local web server is easy.
I know. That portion of their comment is fair enough. It’s the following statement that I took issue with.
Ah, you were criticizing the poster here and not bandwagoning Carry on. 👍
I’m well aware of this. There’s still the ethics of snooping on their activities I just don’t agree with.