FCC fines Marriott $600,000 for jamming hotel Wi-Fi
A Nashville convention center figured out how to boost its revenue from selling Internet service: it illegally jammed guests' and exhibitors' Wi-Fi networks. Glenn Fleishman explains the technical scam and why it earned a six-figure smackdown.
The Marriott-run Gaylord Opryland resort in Nashville was faced with a dilemma. Like all hotels and exhibition centers, it charges exhibitors and conference organizers exorbitant amounts for Internet access on trade-show floors, as well as nightly fees for guests. Nearly all conference centers charge thousands of dollars for a few days of access, per exhibitor, and all they get is a couple of megabits per second at their booth. Google for the price sheets: you'll need an emesis bag handy.
Thanks to fast cellular networks and portable WiFi hotspots, though, these halls are losing their extortionate edge. A carryover from the days of a captive audience who had no other choice, the wheeze was always factored in as a cost of participating in trade shows and other events. Now, however, the 4G LTE standard--whose frequency range penetrates buildings far better than most older cellular technologies--offers data rates in the tens of Mbps.
The Gaylord Opryland came up with a clever plan. Some level of hotel management understood that its Wi-Fi intrusion-mitigation system came with a feature that could kick people off networks — and not just their own. So, as the FCC explains in a press release and consent order [PDF] released today, Marriott staff at the facility made it impossible for people in the vicinity to use personal hotspots, portable routers, and the like. This is a big no-no: a violation of Section 333 of the Communications Act. A clever visitor to the convention center — likely someone irritated at being knocked off his portable router over and over again — discovered the deauth behavior and reported it in March 2013 to the FCC.
The technique employed, according to the FCC release, is deauthentication. It's a common attack vector used by malicious parties to push clients off legitimate access points and get them to connect to "evil twins," look-alike Wi-Fi networks that are hives of villainy, or to cause denial of service. The aircrack-ng software, for instance, lets you type in a very simple sequence that shoots the correct sequence of packets at a client and a router, and forces the two to stop talking, at least for a moment.
There is no authentication of deauth, ironically enough, although the kind of intrusion-detection and -mitigation hardware and software used by companies like Marriott can detect these attacks. (More irony in using a mitigation system to attack others.) Vendors of such products boast about the use of deauth — in regards only to booting unwanted people from their clients' own Wi-Fi networks.
The FCC found this not clever at all, and Marriott (which acquired the property in 2012) is paying a $600,000 fine, and under the terms of the consent decree, must halt its Wi-Fi blocking and implement and report on a compliance plan at all its properties in America. The FCC report doesn't say whether Marriott was engaged in similar activities elsewhere, but I suspect geeks will now be on high alert to check for it whenever they can't maintain a Wi-Fi connection to their own gear at or near a hotel or convention center.
This is a wonderful and strong affirmative approach by the FCC asserting consumer rights. The head of the FCC's enforcement bureau said bluntly in the news release: "Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center." Convention centers will have to adapt and figure out new ways to ream exhbitors — the FCC doesn't regulate breathing, does it?
When wifi first appeared, it was secured by something called "WEP" that was so laughably weak that many people believe it was deliberately sabotaged by US spy agencies (who have a history of sabotaging security standards in order to preserve the ability to spy on their adversaries).
Poor Detroit neighborhoods, abandoned by telcos and the FCC, are rolling out homebrew, community mesh broadband
40% of Detroiters have no internet access. The Detroit Community Technology Project and similar projects across the city are skipping over the telcos altogether and wiring up their own mesh broadband networks, where gigabit connections are transmitted by line-of-site wireless across neighborhoods from the tops of tall buildings; it's called the Equitable Internet Initiative.
KRACK! Wifi's go-to security, WPA2, is fatally flawed, and will probably never be patched in many places
US CERT has privately circulated an advisory warning key stakeholders about the imminent publication of Key Reinstallation Attacks (KRACK), which exploit a heretofore unknown flaw in the WPA2 wifi security protocol, allowing attackers to break the encryption and eavesdrop upon — and possibly inject packets into — wireless sessions previously believed to be secure.
Sipping on whiskey is already a sophisticated experience, but that doesn’t mean you can’t kick it up a notch. A perfect addition to your desk or home bar, the Eravino Whiskey Globe Decanter features a beautifully etched map on the surface and an eye-catching glass ship inside, bringing an entirely new level of class to […]
Gone are the days when you needed to pore over a 400-page physics textbook to learn about weight ratios, aerodynamics, and all of those other STEM concepts that let us take to the skies. Thanks to Force Flyers’ DIY Building Block Drones, you can foster your STEM knowledge as you build and fly your own functional […]
As more companies leverage cloud technology to unite and streamline their operations, the need for capable IT pros increases. But, as any IT guru will tell you, demand alone won’t get your foot in the door to this lucrative field. If you want to cash in on the demand and build a thriving IT career, […]