by gravitas 2532 days ago
The person I'm replying to specifically said "mess with the WIFI AP" in order to present this as harmful or dangerous (FUD); it is not. It's a trivial header check bypass - whether or not that is "hacking" is a question for lawyers and a judge.
3 comments

I was just bypassing some trivial key check on the door. To say I was "messing with the door" is FUD, and whether I was breaking and entering is a question for lawyers and a judge.
The owner gave me a key to the lobby so I could pay to get an all-access key. As it turns out, I can just walk past the lobby and that key actually opens all doors in the building. Whether or not it's illegal to use it to access whatever I want is a question for lawyers and a judge.
That's not what's happening here. This is more like trying the key on every door, finding a cleaning closet unlocked and crawling through the ventilation ducts to get in.
I think it's pretty close to the reality. The lobby is wide open (Viasat's payment gateway), but if you just use the Viasat lobby key (viasat.com SNI) on any other door (IP address) it allows you access. They could prevent you from getting to the doors in the first place (whitelisting MAC addresses to access anything other than a whitelist of IPs instead of just TLS SNI whitelisting) but they don't, as is especially evident when they allow other protocols when the connection is not encrypted.
Try this:

The lobby is not locked. Neither are any of the doors leading out from it. There is a cashier in the lobby and a sign with ticket prices for the different doors.

In that situation, opening the doors without paying is illegal. It would be treated as trespassing or theft of services. You don't have the right to use other people's stuff without permission just because it's easy to do.
Judges tend to be less impressed by technicalities than seems to be commonly believed. If you know that a network operator intends to route traffic only for paying customers, and you intentionally trick its router into routing your traffic without payment, the judge will probably see that as intentional unauthorized access.

I think that's legally reasonable, almost. It's the intent that matters here; if my use of Cloudflare DNS instead of what your DHCP server provides for performance and privacy reasons happens to bypass your insecurely implemented captive portal that asks for payment, there's no intent. If I employ a complex tunneling scheme specifically designed to bypass your payment check, that's theft.

Where I do have a problem with the law is that its digital nature is given special treatment and greatly enhanced penalties. If I walk into a store and steal a USB Wifi adapter worth $20, I have committed a misdemeanor. If I'm caught, I'll probably be given a summons, not arrested, and my penalty will probably be a fine or community service. If I use that adapter to steal access to $20 worth of in-flight Wifi, I've committed a felony, for which the penalty includes loss of civil rights, and probable incarceration.

Right. I think all he’s trying to say is that it might be worse to hack something on a plane vs some other kind of computer system. I don’t think they were implying harm was being done to the AP. Colloquially I would definitely call this messing with the AP :)