Hack Open Hotel, Airplane & Coffee Shop Wi-Fi with MAC Address Spoofing
After finding and monitoring nearby wireless access points and the devices connected to them, hackers can use this information to bypass some types of security, like the kind used for Wi-Fi hotspots in coffee shops, hotels, and on flights high above the ground. By swapping their MAC address for that of someone already connected, a hacker can bypass the MAC filter and connect freely.
Password-free networks are common in public spaces, allowing anyone to initially join the network without needing to know a secret password. You’ve likely encountered them at Starbucks, in hotel rooms, and on flights featuring in-flight Wi-Fi. All of these networks have a login portal or payment page to which users are continuously redirected before they can connect directly to the internet.
How MAC Addresses Play a Key Role in Connecting
To connect to one of these public hotspots, or to any router, a device presents its MAC address, which is needed to assign the device an IP address and to ensure that the responses to any requests the device makes to load content from the internet are returned to the correct IP (and MAC) address. Routers can allow or prevent a device from accessing the internet based on its MAC address alone.
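A defender's view of the weakness described above, as an added example that is not part of the original article: because access is granted by MAC address alone, a hotspot operator can record each authorized MAC's DHCP fingerprint (hostname plus the option 55 parameter request list) and flag later requests from the same MAC that no longer match. The log format, field names, function name and sample lines are constructed for illustration and do not correspond to any particular gateway product.

```python
import re

# Constructed sample gateway events (hypothetical format), using MAC addresses
# from the RFC 7042 documentation range. Not output from a real DHCP server.
SAMPLE_LOG = """\
2024-05-01T10:00:05 DHCP mac=00:00:5E:00:53:01 host=anna-phone opt55=1,121,3,6,15,119,252
2024-05-01T10:01:12 PORTAL_AUTH mac=00:00:5e:00:53:01
2024-05-01T10:03:40 DHCP mac=00:00:5e:00:53:02 host=work-laptop opt55=1,3,6,15,31,33,43,44,46,47
2024-05-01T10:30:05 DHCP mac=00:00:5e:00:53:01 host=anna-phone opt55=1,121,3,6,15,119,252
2024-05-01T10:41:19 DHCP mac=00:00:5e:00:53:01 host=thinkpad opt55=1,28,2,3,15,6,119,12,44,47
"""

DHCP_RE = re.compile(r"^(\S+) DHCP mac=(\S+) host=(\S+) opt55=(\S+)$")
AUTH_RE = re.compile(r"^(\S+) PORTAL_AUTH mac=(\S+)$")

def find_mac_reuse(log_text):
    """Return alerts for portal-authorized MACs whose DHCP fingerprint changes."""
    last_seen = {}  # mac -> (hostname, opt55) from the most recent DHCP request
    baseline = {}   # mac -> fingerprint captured when the portal authorized it
    alerts = []
    for line in log_text.splitlines():
        if m := AUTH_RE.match(line):
            mac = m.group(2).lower()
            if mac in last_seen:  # pin the fingerprint that passed the portal
                baseline[mac] = last_seen[mac]
        elif m := DHCP_RE.match(line):
            ts, mac, host, opt55 = m.groups()
            mac = mac.lower()     # MACs are case-insensitive; normalize first
            fp = (host, opt55)
            last_seen[mac] = fp
            if mac in baseline and fp != baseline[mac]:
                alerts.append({"time": ts, "mac": mac,
                               "expected": baseline[mac], "observed": fp})
    return alerts

if __name__ == "__main__":
    for alert in find_mac_reuse(SAMPLE_LOG):
        print(alert)
```

A fingerprint change can also come from a legitimate device (an OS update or a dual-boot machine), so a match is a reason to force the client back through the portal rather than proof of address cloning.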
Step 1: Install the Needed Tools
As always, make sure your Kali system is updated by running apt-get update in a terminal window. Next, ensure you have the correct tools by running apt-get install macchanger aircrack-ng. This will ensure the installed version of both programs is up to date, and it will install the most current version if it is not present.
Included in the Aircrack-ng package is Airodump-ng, our reconnaissance tool of choice for this tactic. We can also use Kismet, but the simple filters on Airodump-ng make it lightweight for this application. If you’d rather use Kismet, you can check out my article on wireless surveillance using Kismet at the link below.
Step 2: Verify the Open Network’s Security
Before going any further, connect to the open network in question and verify that there is some sort of security to get through.
In my example, I’m examining an open (meaning no password) public Wi-Fi network that is free for cable subscribers. Upon connecting, my device is assigned an IP address, but I’m not able to access the internet. I tested this by checking to see if my pings can get through to the internet, as seen below.