With Cable WiFi, Your Modem Is My Hotspot
Over the past few years, the cable industry has quietly pulled off a minor miracle of infrastructure. It’s built a nationwide WiFi network, and it’s given many of its subscribers access to it for free.
But this “Cable WiFi” project has some warts: security issues, unequal access, and missed opportunities.
How it works
You may have seen wireless networks called “CableWiFi” pop up on your computers or mobile devices. These hotspots give wireless access to customers of Bright House Networks, Cablevision’s Optimum, Comcast’s XFINITY, Cox Communications, and Time Warner Cable. The five cable carriers also have free wireless networks for their own customers. Look for Bright House Networks, optimumwifi, xfinitywifi, CoxWiFi, or TWCWiFi signals, respectively.
Not a subscriber of one of these networks? You can often still get online even if you don’t subscribe, at hourly, daily, or weekly rates, or through free-trial options.
I spent a few afternoons trying this access around my Washington, D.C., neighborhood, and it was mostly a positive experience. I tried a free one-hour trial and paid ($2.95) one-hour passes on Comcast’s Cable WiFi network.
I got good speeds, up to 28 megabits per second at one point, which is faster than my home FiOS connection. But I was right in front of the building hosting the hotspot when that happened. Typically I got about 4 megabits a second, but occasionally I saw poor performance, down at dial-up speeds (under 100 kilobits a second).
Comcast’s helpful iPad app (photo above) gave me a database about local hotspots that I could use when i wasn’t online (to help me find a zone where I could connect), and it has a nifty augmented-reality view to visualize nearby networks.
So what’s not to like?
A risk of ISP impersonation
When I ran my experiments, how did I know I connected to a legitimate cable company network? My Android phone showed a green padlock icon that, when tapped, confirmed that Comcast signed the page with an “extended validation” certificate, but my iPad’s Safari browser showed only a generic lock icon without further details.
Yes, I am a nerd who does things like inspect site certs.
If a connectivity con artist wanted to run malicious networks named “xfinitywifi” to harvest cable usernames and passwords — in turn, opening the door to draining bank accounts — he probably could.