I have a question about how hotspots work, and the odds of me getting someone at Verizon that would be able to answer my question would probably be pretty slim, so I thought I’d ask here.
We have bad actor countries blocked at our firewall for all traffic except port 25 so we can still get email from them. Because of this, whenever someone travels to one of these countries, they have to give us the IP address of the hotel they’re staying at and we’ll whitelist it in the firewall so they can connect and work remotely. Recently one of our employees went to China and used his phone hotspot to connect his laptop, and he was able to connect and work the whole time without issue. When we found this out, we looked at the logs and found he actually had a US IP address, which is why it worked, even though he was in China and, I’m sure, roaming on a Chinese cell network.
So, I guess my question is, does Verizon somehow automatically tunnel traffic that is using a hotspot through a VPN back to the US? I just don’t know how else to explain him having a US IP address when in China. If this is the case, that would actually be pretty awesome because it would totally help with having a secure connection when in countries like that.
If anyone could shed light on this I’d appreciate it. Thanks!
US cell carriers tunnel all international roaming traffic to an encrypted US endpoint.
This includes hotspot data.
I should add, I’m actually in Costa Rica right now, and I was curious what IP address I’d get on my hotspot. It turns out it’s from the US!
What the heck, Verizon? Is this a VPN tunnel? Or are they doing some other kind of magic?
That’s great to know! Thanks for confirming. Definitely helps to know that’s happening when people are going abroad.
Interesting - and surprising!
What the heck, Verizon? Is this a VPN tunnel? Or are they doing some other kind of magic?
It’s not quite as secure as a VPN tunnel, because it uses the LTE spec. If a foreign government finds a vulnerability in LTE, they could potentially MITM access the data.
But it’s the best option short of the carriers offering a VPN system app.
Huh, yeah, that makes sense. I was kind of hoping that I could make this policy for my users for when they go to bad actor countries: that they would have to use their phone hotspot to help with them having a more secure connection. I guess it’s still better than not doing it that way and just putting your laptop on the hotel Wi-Fi and using the Chinese networks. But if there are still vulnerabilities in there, then it definitely wouldn’t be a perfect option. Just a better option.
I do not recommend relying on US carrier encryption. You should VPN on top of it.
Nobody in the west should use CCP-controlled networks when traveling to China. Ever.
Carrier encryption is like Windows Defender. Better than nothing, but definitely not where you should stop when traveling to a foreign adversary.
Haha! For sure! I get that. I was just trying to understand what it was all about. I was surprised to find out that we get a US IP address when abroad, so I wanted to understand that. A lot of the comments here have definitely helped shed light on what’s going on. But you’re right, I think we need to enforce a VPN for anyone traveling there.
Thanks!
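Added example, not written by anyone in the thread: a small Python model of the firewall policy described in the first post (country block, port 25 exception, hotel allowlist), showing why a home-routed roaming session passes the geo rule and how cross-checking a travel roster surfaces it for VPN follow-up. The address ranges, user names, roster and verdict labels are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges, not real allocations).
GEO = {  # network -> country code, standing in for a GeoIP database
    "192.0.2.0/24": "US",     # hypothetical US carrier roaming egress pool
    "198.51.100.0/24": "CN",  # hypothetical hotel network in a blocked country
    "203.0.113.0/24": "US",   # hypothetical US residential ISP
}
BLOCKED_COUNTRIES = {"CN"}
ALLOWLIST = set()                      # hotel IPs staff report before travelling
TRAVEL = {"alice": "CN", "bob": "CN"}  # user -> country currently being visited

def country_of(ip):
    """Country the firewall would attribute to this source address."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return "??"

def firewall_allows(src_ip, dst_port):
    """Thread's policy: block listed countries except SMTP, honour the allowlist."""
    if src_ip in ALLOWLIST or dst_port == 25:
        return True
    return country_of(src_ip) not in BLOCKED_COUNTRIES

def review(sessions):
    """Return (user, src_ip, verdict) for each remote-access session."""
    out = []
    for user, src_ip, port in sessions:
        travelling = TRAVEL.get(user) in BLOCKED_COUNTRIES
        if not firewall_allows(src_ip, port):
            verdict = "blocked"
        elif travelling and src_ip not in ALLOWLIST:
            # The geo rule saw only the egress address, not where the user is.
            verdict = "allowed-but-traveler"
        else:
            verdict = "allowed"
        out.append((user, src_ip, verdict))
    return out

SESSIONS = [  # constructed log rows: (user, source IP, destination port)
    ("alice", "192.0.2.44", 443),   # roaming hotspot, home-routed to US egress
    ("bob", "198.51.100.7", 443),   # hotel Wi-Fi, not yet allowlisted
    ("carol", "203.0.113.9", 443),  # working from home in the US
]

if __name__ == "__main__":
    for row in review(SESSIONS):
        print(*row)
```

Sessions marked `allowed-but-traveler` are the ones where the country block said nothing about the user's real location, so they are the ones to check for an active VPN.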