Wireless Hotspot Security

I travel around the UK a lot in my work and use BT wireless hotspots (I am a BT customer, so I get free login).

I am planning on using OpenWrt on a router to help me get better wifi signal and hopefully add more security.

The hotspot wifi is not encrypted, but there is a login page. If I use one radio to connect in client mode but connect my devices using the other radio on WPA2-PSK, will it be more secure?

What would be the best way to do this in terms of OpenWrt configuration?

In a limited fashion. You can isolate your devices from the wireless network by hiding them behind your router, which would prevent any other devices on that network from scanning yours; all they'd be able to scan is OpenWrt's WAN address (which by default is closed to all inbound traffic).

However, that won't stop traffic capture by anyone who can sniff the hotspot network. If the traffic is already encrypted then that offers some degree of protection against interception, but there is no such protection against sniffing unencrypted traffic. You may wish to consider augmenting your approach with a VPN as well, to ensure that all traffic, whether encrypted or unencrypted, is wrapped in an encrypted layer anyway.

2 Likes
1 Like
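An added example (not part of the original thread) of the setup discussed above, as OpenWrt config fragments: one radio joins the open hotspot as a client, the other serves your own devices over WPA2-PSK, and the uplink is placed in the firewall's wan zone so inbound traffic from the hotspot side is rejected. The radio names (`radio0` as 2.4 GHz, `radio1` as 5 GHz), the interface name `wwan`, and the SSIDs and passphrase are assumptions or placeholders.

```uci
# /etc/config/wireless  (radio names are assumptions; check `wifi status`)
# Uplink: join the open hotspot as a client on the 2.4 GHz radio.
config wifi-iface 'hotspot_uplink'
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option ssid 'HOTSPOT-SSID-PLACEHOLDER'
	option encryption 'none'

# Private AP for your own devices on the 5 GHz radio, WPA2-PSK with CCMP.
config wifi-iface 'private_ap'
	option device 'radio1'
	option mode 'ap'
	option network 'lan'
	option ssid 'PRIVATE-SSID-PLACEHOLDER'
	option encryption 'psk2+ccmp'
	option key 'LONG-RANDOM-PASSPHRASE-PLACEHOLDER'

# /etc/config/network
# The hotspot hands out the uplink address by DHCP.
config interface 'wwan'
	option proto 'dhcp'

# /etc/config/firewall
# The uplink must sit in the wan zone so the hotspot side is treated as
# untrusted: inbound rejected, LAN clients masqueraded behind one address.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wwan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Only LAN-to-WAN forwarding is allowed; nothing is forwarded inward.
config forwarding
	option src 'lan'
	option dest 'wan'
```

The LAN subnet must not overlap with the range the hotspot assigns, otherwise routing between the two sides breaks.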

You really have two security problems here.

  1. The wifi connection from your mobile device to your hotspot (or 4G modem?). That can be secured by WPA2-PSK encryption.
  2. The hotspot's connection to the ISP “internet”. You cannot secure that on the go. Having a login doesn't really mean anything, especially in public areas like airports and cafes, since you don't know who you are connecting to. A man-in-the-middle attack is almost guaranteed to happen to you if you travel professionally, just by means of travel frequency.
    And there is no “safe” country.

A tip for airports if you suspect something is wrong (for example, all the VPN tunnels stop working or they can't find the VPN servers): just do a simple DNS leak test on the hotspot or wifi connection and check whether you are even connected to the country you are physically sitting in.

But the only way to make this connection as safe as possible when living on the go is to have your own VPN tunnel from your smartphone/pad or computer to point B (the server) outside the area of travel, at a point that you control/trust.

2 Likes

And if your VPN connection fails to connect to a public connection/hotspot when you are on the go, move on to another place. Do not connect unsecured without a VPN in that location.

2 Likes

Thanks for your reply.

The hotspot service is not encrypted but requires all users to either buy or be a customer, but I had the idea of using WPA2-PSK on the 5.0 AC Radio and making the connection to the Wifi hotspot on the 2.4 N Radio.

I am new to this, so I do not know if it will even work. I have a router on its way; I bought it because I like gaming but latency is dire at most places. Also, I want to be able to watch Netflix and will get a Roku device. I might get one with Ethernet and HDMI (most places I stay at have TVs with HDMI). A friend lent me one to try which was an AC and 4k (not 4k tv) and the quality was pretty good, probably full HD.

I am only traveling within the UK. The hotspots are provided by my ISP (British Telecom), which is why I paid their massive fees. As I understand it, they give a percentage of consumers' internet (which may be fibre) to be used for the hotspot. In places where I am close to residential I have had better than ADSL 8mb up and down, so I assume that must be on a 78mb fibre customer.

So I think it will go straight into the ISP network. From what I have seen on other forums, all users who connect get a different subnet and can't see each other.

Thanks, I will bear that in mind if I go abroad. I have no plans with the Coronavirus pandemic, not for 2 years at least; I need the destination to have been fully vaccinated as well as the UK.

Thanks, I will look into VPNs.

Thanks, that is interesting, probably best at the end once I have it working.

1 Like

Everyone always thinks the threat is abroad.

I don't think there is an abroad; I was responding to your comment about traveling abroad.

When we see DDoS of tens of thousands of devices, including webcams and ISP routers (like TalkTalk), being hacked, I would not rule out any device being taken over and then used to be a man in the middle or some other hack.

I will only use this for Gaming and Netflix, but hopefully at a decent speed or a decent latency. I can switch to mobile data if I want anything else.

It is great that this community has built this thing, although it requires a steep learning curve to get under the hood.

I may have to find some video training on Linux, Network Systems Engineering and Network and Firewall security.

I am going to have a trial run on a TP-Link before my Linksys arrives later this week.

I didn’t travel abroad; the data bits in the wifi at the airport that day were rerouted and went “traveling abroad” (actually to a completely different continent) from the domestic airport I was sitting in.

Your project actually has multiple steep learning curves: one is OpenWrt and network technology itself, one is cyber security, and another, probably very soon, is VPN technology.