[gravitas]

The author does not "mess with the WIFI AP on the plane", they exploit a weakness in the design (failure by viasat to maintain an checksum IP mapping to their domain for the captive service) to simply bypass a trivial TLS header check in order to tunnel their traffic.

[kristianc]

This is hacking under federal law, as it should be. Likewise that if I break into your house by merely exploiting a weakness in the design of the lock, I am still committing a crime.

[Dayshine]

If someone charges for tours of part of their house, has two prices of tour, and you change the colour of your badge to let you access the part you haven't paid for, is that a crime?

[jfk13]

Sounds like some form of fraud to me. What's the difference between that and simply forging a ticket to an event instead of buying one? Or forging a currency note?

[Dayshine]

OK, the better example from further down. You realise your badge lets you into areas of the premium tour, it opens all doors, not just the ones you paid for it to open.

And even if it is fraud of some kind, the bar for charging someone with fraud (instead of just suing for damages) is fairly high...

[Asooka]

Well yes, but bandwidth is practically free anyway. I'm not actually stealing computer resources. It's more akin to looking at the Mona Lisa through one of the Louvre's windows using a pair of binoculars.

[MikeKusold]

Yes. It’s trespassing.

[behrlich]

This is almost definitely “hacking” under federal law.

[gravitas]

The person I'm replying to specifically said "mess with the WIFI AP" in order to present this as harmful or dangerous (FUD), it is not. It's a trivial header check bypass - whether or not that is "hacking" is a question for lawyers and a judge.

[pessimizer]

I was just bypassing a some trivial key check on the door. To say I was "messing with the door" is FUD, and whether I was breaking and entering is a question for lawyers and a judge.

[judge2020]

The owner gave me a key to the lobby so I could pay to get an all-access key. As it turns out, I can just walk past the lobby and that key actually opens all doors in the building. Whether or not it's illegal to use it to access whatever I want is a question for lawyers and a judge.

[rebuilder]

That's not what's happening here. This is more like trying the key on every door, finding a cleaning closet unlocked and crawling through the ventilation ducts to get in.

[judge2020]

I think it's pretty close to the reality. The lobby is wide open (viasat's payment gateway), but if you just use the viasat lobby key (viasat.com SNI) on any other door (IP address) it allows you access. They could prevent you from getting to the doors in the first place (whitelisting MAC address to access anything other than a whitelist of IPs instead of just TLS SNI whitelisting) but they don't, as it's especially evident when they allow other protocols when the connection is not encrypted.

[Zak]

Judges tend to be less impressed by technicalities than seems to be commonly believed. If you know that a network operator intends to route traffic only for paying customers, and you intentionally trick its router into routing your traffic without payment, the judge will probably see that as intentional unauthorized access.

I think that's legally reasonable, almost. It's the intent that matters here; if my use of Cloudflare DNS instead of what your DHCP server provides for performance and privacy reasons happens to bypass your insecurely implemented captive portal that asks for payment, there's no intent. If I employ a complex tunneling scheme specifically designed to bypass your payment check, that's theft.

Where I do have a problem with the law is that its digital nature is given special treatment and greatly enhanced penalties. If I walk into a store and steal a USB Wifi adapter worth $20, I have committed a misdemeanor. If I'm caught, I'll probably be given a summons, not arrested, and my penalty will probably be a fine or community service. If I use that adapter to steal access to $20 worth of in-flight Wifi, I've committed a felony, for which the penalty includes loss of civil rights, and probable incarceration.

[behrlich]

Right. I think all he’s trying to say is that it might be worse to hack something on a plane vs some other kind of computer system. I don’t think they were implying harm was being done to the ap. Colloquially I would definitely call this messing with the ap :)

[mightybyte]

IANAL and all that, but my perception is that "hacking" is usually about breaking into someone else's computer / breaching someone else's privacy / accessing data that isn't yours / etc. If that perception is accurate, then I think it's really a stretch to call this "hacking". You're just moving bits around on network infrastructure designed to move bits around. Maybe I'm just looking for a loophole because wishful thinking, but this seems like a decent argument to me.

Now, you could be violating their terms of service. But in this case there may be a good argument that you never accepted their terms of service since you wouldn't have had to click the "accept" button to do what the post describes.

[sfkdjf9j3j]

Read up on this: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

The CFAA is pretty broad, and definitely controversial because of it. Look up Aaron Swartz's tragic case.

[dehrmann]

The old colloquial term for this is "phreaking."

[eeeeeeeeeeeee]

This is absolutely circumventing the intended usage of the system.