Hotspot security
A typical hotspot is an open network. This means that traffic transferred between the hotspot and the hotspot clients is not encrypted and can be intercepted by a packet sniffer or similar technology. However, the sample HTML login pages provided with your TX64 device use CHAP-MD5 authentication, providing a level of security during the authentication process. Additionally, websites that use the HTTPS protocol provide end-to-end encryption between the browser and the web server.
Hotspot clients are typically untrusted and only given access to the WAN interface on the device. The hotspot firewall zone settings prevent hotspot clients from accessing any of the other interfaces on the device (such as the LAN and VPN interfaces). Additionally, the hotspot zone prevents hotspot clients from accessing the device itself (for example, via the web interface or SSH).