The person I'm replying to specifically said "mess with the WIFI AP" in order to present this as harmful or dangerous (FUD), it is not. It's a trivial header check bypass - whether or not that is "hacking" is a question for lawyers and a judge.
I was just bypassing a some trivial key check on the door. To say I was "messing with the door" is FUD, and whether I was breaking and entering is a question for lawyers and a judge.
The owner gave me a key to the lobby so I could pay to get an all-access key. As it turns out, I can just walk past the lobby and that key actually opens all doors in the building. Whether or not it's illegal to use it to access whatever I want is a question for lawyers and a judge.
That's not what's happening here. This is more like trying the key on every door, finding a cleaning closet unlocked and crawling through the ventilation ducts to get in.
I think it's pretty close to the reality. The lobby is wide open (viasat's payment gateway), but if you just use the viasat lobby key (viasat.com SNI) on any other door (IP address) it allows you access. They could prevent you from getting to the doors in the first place (whitelisting MAC address to access anything other than a whitelist of IPs instead of just TLS SNI whitelisting) but they don't, as it's especially evident when they allow other protocols when the connection is not encrypted.
The lobby is not locked. Neither are any of the doors leading out from it. There is a cashier in the lobby and a sign with ticket prices for the different doors.
Judges tend to be less impressed by technicalities than seems to be commonly believed. If you know that a network operator intends to route traffic only for paying customers, and you intentionally trick its router into routing your traffic without payment, the judge will probably see that as intentional unauthorized access.
I think that's legally reasonable, almost. It's the intent that matters here; if my use of Cloudflare DNS instead of what your DHCP server provides for performance and privacy reasons happens to bypass your insecurely implemented captive portal that asks for payment, there's no intent. If I employ a complex tunneling scheme specifically designed to bypass your payment check, that's theft.
Where I do have a problem with the law is that its digital nature is given special treatment and greatly enhanced penalties. If I walk into a store and steal a USB Wifi adapter worth $20, I have committed a misdemeanor. If I'm caught, I'll probably be given a summons, not arrested, and my penalty will probably be a fine or community service. If I use that adapter to steal access to $20 worth of in-flight Wifi, I've committed a felony, for which the penalty includes loss of civil rights, and probable incarceration.
Right. I think all he’s trying to say is that it might be worse to hack something on a plane vs some other kind of computer system. I don’t think they were implying harm was being done to the ap. Colloquially I would definitely call this messing with the ap :)
IANAL and all that, but my perception is that "hacking" is usually about breaking into someone else's computer / breaching someone else's privacy / accessing data that isn't yours / etc. If that perception is accurate, then I think it's really a stretch to call this "hacking". You're just moving bits around on network infrastructure designed to move bits around. Maybe I'm just looking for a loophole because wishful thinking, but this seems like a decent argument to me.
Now, you could be violating their terms of service. But in this case there may be a good argument that you never accepted their terms of service since you wouldn't have had to click the "accept" button to do what the post describes.