Saturday, March 24, 2012

WISPr Connect

Late last month I traveled to Boston and stayed at a Hilton owned property. Hilton has sold their hotel Internet business (including Wi-Fi) to AT&T Wi-Fi (formerly Wayport). When AT&T acquired Wayport they allowed their Wi-Fi enabled smartphones to automatically connect to the "attwifi" hotspots transparently using a technique known as WISPr.

So when I arrived at the Hilton property with my AT&T Captivate it tried to WISPr connect to the "attwifi" access point. It established an 802.11 connection but then I got an icon in the notification bar that said "AT&T Wi-Fi Hotspot / Wi-Fi Hotspot Access Failed." When I clicked on the notification I got a screen that said "Unable to confirm eligibility, please call Customer Care at 800-331-5000." Yeah, like they could help. I was able to connect to the "attwifi" network using my AT&T DSL credentials.

I was stuck in the hotel with nothing else to do so I called AT&T Mobility Customer Care. Needless to say I got nowhere. They said I need to talk to AT&T Wi-Fi but (according to AT&T Mobility) Wi-Fi isn't open at night. (This is not true by the way.) So I got up the next morning and called AT&T Wi-Fi. Let's just say that the representatives at AT&T Wi-FI are a whole another class of representatives than AT&T Mobility. But you guessed it, they wanted to send me back to AT&T Mobility. After getting dropped back in voice menu hell a couple of times, I asked AT&T Wi-Fi to conference us with AT&T Mobility. AT&T Mobility dropped off the call without telling us.

In summary, I got nowhere. When I got home I began to research this on the Internet. I found a couple of issues worth passing on. First a couple of the truly paranoid are experiencing the same problem and have postulated that this is a scheme by AT&T to discourage users who still have the unlimited data plan (I do) into migrating onto the tiered data plans.

Probably more based in reality were several discussions surrounding the issue with AT&T silently connecting their smartphones to their insecure hotspots. The issue is that GSM 3G traffic is lightly encrypted but the 802.11 traffic to the insecure "attwifi" access point won't be encrypted at all. This is especially an issue if you're using POP e-mail that doesn't uss SSL/TLS. A word to the wise should be sufficient.

Lastly was an issue that I plan to exploit! Given that AT&T smartphones use this transparent connection to "attwifi" hotspots, there is a risk of a rogue "attwifi" hotspot hijacking your Wi-Fi session. This probably isn't too much of a risk in Memphis but could be in more dense metropolitan locations or airports.

The way I plan to exploit this is to create a guest SSID on my dd-wrt router named "attwifi." Then all my AT&T smartphone friends and family will automatically connect to my guest SSID without having to explain to them how to connect. Sure I run the risk of somebody driving by and connecting but if they really are driving by they probably won't have time to connect.

I did get a survey from AT&T Wi-Fi asking about how the call went. I responded that they were helpful but my problem didn't get resolved. Incredibly I got a personal e-mail from a manager at AT&T Wi-Fi asking how he could help. This evolved into where I got the direct number to an AT&T Wi-Fi support specialist that actually knows something. He checked back with me every couple of days and let me know what he was doing. He was able to look at the AT&T Wi-Fi logs and discovered that my phone has never connected to the AT&T Wi-Fi network using the WISPr technique. He could see the logins that I had performed using my DSL credentials. What a breath of fresh air to be able to speak with someone who could actually look at the logs.

But what this said is that the AT&T Mobility WISPr process was not being successful. The AT&T Wi-Fi representative actually had a contact at AT&T Mobility who had similar access to their logs. The AT&T Mobility representative didn't see that my phone was ever going through the WISPr process. The two of them continued to work on it and the AT&T Wi-Fi promised to get back to me by the end of the week.

I had noticed in the Captivate's Wireless Settings that the "Network Notification" was unchecked. This is part of my new phone setup that I had done after the factory reset and Gingerbread upgrade. Just for grins I checked this and headed to my nearest AT&T Mobility store where there was an AT&T Wi-Fi hotspot. It worked!

Not to look a gift horse in the mouth but why? Had AT&T Mobility changed something or did the "Network Notification" setting make the difference?

So back to an AT&T Wi-Fi hotspot with "Network Notification" turned off. It worked. Hmmm. I turned "Network Notification" back on. It worked. I left it off and went to another AT&T Wi-Fi hotspot that I hadn't visited before. It worked. Whatever, I'll take it.

On Friday the AT&T Wi-Fi representative called me back. I like those guys. He discussed potential problems with "forgetting" the "attwifi" SSID and problems that might cause with WISPr. I had probably done that in trying to get connected. I told him what I had done with "Network Notification" and the success I had. He said that his contact at AT&T Mobility hadn't changed anything.

Given what I know, it seems that enabling "Network Notification" and letting the phone discover and connect to "attwifi" enabled the WISPr authentication. The WISPr connect continued to work even after I disabled "Network Notification." That fixed it or AT&T Mobility did something and didn't tell anyone. Nah. They wouldn't do that would they?


Anonymous said...

Did you try out the attwifi SSID trick on your router, I am curious to know if that works?

Ben Moore said...

No. Sorry. I've been lazy.

Doing this on my dd-wrt takes a little more fiddling than on some routers. You have to setup another subnet and then route the new SSID to that.