This study addresses the unexamined security risks—such as connection hijacking and rogue access points—in widely deployed rural pay-per-use Wi-Fi hotspots, exemplified by systems like Piso-WiFi in the Philippines and PM-WANI in India. Conducting the first systematic field reconnaissance and penetration testing of this ecosystem, the authors develop a tailored threat model and demonstrate two practical attacks that successfully exploit critical vulnerabilities. Building on these findings, they propose a secure caching architecture that effectively mitigates key threats while preserving system scalability. The work provides empirical evidence and actionable design guidelines to enhance the security of rural pay-as-you-go Wi-Fi infrastructures.

Providing reliable, affordable, and secure Internet connectivity in rural areas remains a major challenge. Pay-for-use Wi-Fi hotspots are emerging as a scalable solution to provide affordable Internet access in underserved and rural regions. Despite their growing adoption, their security properties remain largely unexplored. In this paper, we present a security analysis of these hotspot ecosystems based on Wi-Fi surveys and practical attack validation. We first perform a Wi-Fi survey conducted in two countries, namely the Philippines and India, to understand the deployment and adoption of such systems in practice. Our results suggest that Piso-WiFi pay-to-use hotspots are particularly widespread in rural regions of the Philippines, and that India's PM-WANI initiative is slowly gaining traction. We then perform a security assessment of these deployments and demonstrate two practical attacks: hijacking another user's paid connection; and rogue hotspots. We analyze the root causes of these vulnerabilities, introduce threat models tailored to pay-for-use hotspot deployments, and outline practical security improvements, including a secure caching architecture. Our findings highlight security challenges in emerging rural connectivity infrastructure and provide directions toward more secure and scalable deployments.