Marriott fined $600,000 by FCC for interfering with customer WiFi hotspots

in legal on 2014-10-09 16:17 (#2T6H)

Marriott (since 2012) has been using wireless technology to prevent guests at the Gaylord Opryland hotel and convention center from using their own Wi-Fi mobile hotspots, forcing exhibitors or customers to use Marriott's expensive Internet services, available at the whopping cost of $250 to $1,000 per wireless access point. Despite popular press reports, this did not involve "jamming" which is strictly illegal in the US, but instead something more like a WiFi DoS attack.

Marriott had deployed a Wi-Fi monitoring system with a "containment capability". When activated, the system could identify Wi-Fi access points that were not part of Marriott's own Wi-Fi system (or otherwise authorized by Marriott). Such non-Marriott access points were dubbed "rogues". When rogues were detected, the system sent "de-authorization" packets to the unauthorized access points, booting those users off their free connections and, presumably, forcing them to pony up for Marriott's paid Internet access.

http://www.commlawblog.com/2014/10/articles/enforcement-activities-fines-f/marriott-whacked-for-600000-for-war-on-rogue-wifi-hotspots/

13 comments

Forbid personal hotspots in Marriott hotels? (Score: 3, Interesting)

by tanuki64@pipedot.org on 2014-10-09 16:37 (#2T6J)

I am wondering, is it possible for Marriott hotels to forbid the use of personal hotspots? Part of the ToS guests have to sign? Could they then use their Wi-Fi monitoring system not to disrupt the customers hotspots, but to identify them and then fine the customer?

Ok, being able to send "de-authorization" packets does not mean to be able to identify or localize the hotspot. And doing this in the open is surely not a way to get more guests. So this is more a theoretical question.

Re: Forbid personal hotspots in Marriott hotels? (Score: 5, Insightful)

by kerrany@pipedot.org on 2014-10-09 17:43 (#2T6K)

Theoretically, when you have a business relationship with someone, you and the business can sign a contract together containing anything that is not against criminal law. "You agree not to use your personal hotspot while you are in our hotel" is not against criminal law. The enforcement of that contract would get bad, though - they obviously can't block other service, they just got fined for that. They would have to proactively search for wifi other than their own within the building, address the person serving it, and request that they either stop or leave the building. (Technically speaking, that's quite easy. Just look for the radio waves.)

If that person had signed the agreement, they would then be liable under the agreement and could be penalized or sued or some other appropriate punishment. If the person had not signed the agreement (and keep in mind, they might not be the ones who made the travel arrangements and things would get trickier there - just because you authorize your travel agent to reserve a room for you does not mean you authorize them to sign legal agreements on your behalf), the Marriott could only evict them, and request police assistance if they refused to leave.

If the case went to court, the victim's contract lawyer would have a field day confirming whether or not the contract was actually valid - any number of factors could get it ruled invalid. If the victim was not the one who made the arrangements and did not authorize the signing; if the victim was in any way incapacitated; if the victim was presented with "oh, it's just a standard form, you have to sign it" talk by the clerk; if the Marriott failed to uphold its end of the contract in any way, including not providing the mandatory complimentary breakfast with hot oatmeal as specified in the contract; if the Marriott selectively enforced the rule (HE got away with it, why are you picking on ME?)... the list probably goes on quite a while, but IANAL.

The victim could then hit the hotel up for attorney's fees and infliction of emotional distress, and might do so anyway, regardless of whether they won or lost the suit, arguing that the agreement was egregious compared to the agreements other hotels force you to sign, and was deceptively pitched - and they very well might win. (It'd probably end up as a class action suit for all guests who had to sign the thing.) The lawyers would probably have a field day and everyone else would get shafted, as is usual for these things.

But, yeah, that would get rid of those "customer" critters Marriott would rather like to keep getting paid by, so you're right, it's only theoretical. Theory is fun!

Re: Forbid personal hotspots in Marriott hotels? (Score: 1)

by tanuki64@pipedot.org on 2014-10-09 17:48 (#2T6M)

Wow... even more complicated than I thought. Thanks. I know... YANAL.... but sounds plausible.

Re: Forbid personal hotspots in Marriott hotels? (Score: 3, Informative)

by evilviper@pipedot.org on 2014-10-10 01:28 (#2T6W)

is it possible for Marriott hotels to forbid the use of personal hotspots? Part of the ToS guests have to sign?

You'd have to check through ALL FCC rules. They can preempt and nullify any such agreements or rules that affect wireless device use. They've really put their foot down for OTA TV, DBS (satellite), and WPS (formerly: wireless cable TV), and could do so for WiFi:

http://www.fcc.gov/guides/over-air-reception-devices-rule

You'd need a lawyer specializing in this stuff to determine if they've made any rules that might apply to restrictions on the use of WiFi.

Ok, being able to send "de-authorization" packets does not mean to be able to identify or localize the hotspot.

It's extremely easy to locate a WiFi hotspot. Android devices have WiFi Analyzer which will beep like a signal meter as you approach a given AP. Then just walking around the location, you'll be able to use that info to narrow it down to a 20ft area, or so. You can do the same with any WiFi device that displays the signal strength of individual APs, just needing to watch the numbers, or otherwise write your own program to beep and show a relative gauge.

It would be much faster, easier and more accurate still, if coupled with a directional WiFi antenna connected to your device, to narrow it down to exactly which person at a table has the AP in their pocket.

Curious thought (Score: 1)

by kerrany@pipedot.org on 2014-10-09 17:51 (#2T6N)

More interesting than the legal ramifications: are they right about improving security? If you were a customer of theirs during the blocking you would have two options: go outside or buy wifi. Presuming they had decent security, would this not have stopped all those "suspicious_hotspot is nearby with 4 bars, do you want to use it" situations? Was the security reasoning behind this legitimate? (Obviously it's a money-grab, they could've given the wifi out for free in dozens of safe ways, but maybe their logic isn't entirely unsound.)

Then again, hotel wifi is about the most holey, vermin-infested place you can connect to the 'net. I'd be shocked if they actually had good security. Anyone ever stayed there while this was going on?

Re: Curious thought (Score: 1)

by tanuki64@pipedot.org on 2014-10-09 17:54 (#2T6P)

are they right about improving security?

More secure than ones own hotspot? Hardly.

I see a couple things here (Score: 1)

by codemachine@pipedot.org on 2014-10-09 18:06 (#2T6R)

On one hand, it might protect some of their customers who would otherwise foolishly connect to unsecured rouge access points run by some scammers. I could see a little bit of validity to the security argument.

On the other hand, if there is a law that makes it illegal to purposefully jam a WiFi signal, shouldn't a denial of service attack that takes out the WiFi be similarly illegal?

Re: I see a couple things here (Score: 2, Funny)

by fnj@pipedot.org on 2014-10-09 20:43 (#2T6T)

Yeah, those "rouge" access points sure are a problem. Is that jeweller's rouge, or morticians rouge? Just ladies' make-up rouge?

Re: I see a couple things here (Score: 1)

by wootery@pipedot.org on 2014-10-10 17:32 (#2T7C)

if there is a law that makes it illegal to purposefully jam a WiFi signal, shouldn't a denial of service attack that takes out the WiFi be similarly illegal?

My thoughts exactly. The technical mechanism they used is only of interest to us readers as a technical curiosity. I don't know that 'jam' and 'DoS' are really exclusive, anyway: it seems reasonable to say that they used DoS as a means of achieving a jam.

Under The Radar? (Score: 0)

by Anonymous Coward on 2014-10-10 20:48 (#2T7E)

My question is whether we as consumers/paying guests/etc. can configure an AP so that it provides us service and yet flies under the radar enough to be immune to these lowly tactics on the part of scummy businesses like Marriott.

Obviously one can turn off SSID broadcast, which helps a teeny tiny bit, but I wonder just how far one would have to go to fly under the radar of most of these WiFi attacks and countermeasures and just use your own damn equipment and services without interference.

Naturally if you're transmitting at any frequency at all, SOMETHING can find you, but if you obscure your protocols and frequency enough it should be doable. The only question is how much is enough and how hard is it to do...

Re: Under The Radar? (Score: 1, Informative)

by Anonymous Coward on 2014-10-10 20:51 (#2T7F)

Huh, it looks like at least part of the answer is 802.11w.

http://security.stackexchange.com/questions/20219/preventing-deauthentication-attacks

Re: Under The Radar? (Score: 2, Interesting)

by evilviper@pipedot.org on 2014-10-11 02:41 (#2T7G)

how far one would have to go to fly under the radar of most of these WiFi attacks and countermeasures and just use your own damn equipment and services without interference.

I'd use the FCC's contact page... It's super effective!

Turning-off SSID broadcasting won't do the tiniest thing.

The AC mentioned 802.11w before me. But there are other potential options in the interim...

* WiFi firmware (on ALL your clients) could be modified to ignore deauth packets if sent too frequently, and pay attention to data connectivity, instead.

* You could put your AP and all your clients in a metal (Farady) cage, but you need your cellular antenna to be outside the cage to get a signal.

* You could use network monitoring tools to look for deauth packets, then walk around checking signal strength to find the physical location of the AP interfering with you. From there, a crowbar will solve the problem quite nicely... Alternatively, unplugging or putting a metal cage around the interfering device will work, if you're opposed to vandalism for some strange reason.

* You could PLUG-IN to your AP instead of using WiFi. Of course if you're tethering to your cell phone (as opposed to a "MiFi" device that has an RJ45 port) then the deauth attack could make internet access unavailable indirectly.

Re: Under The Radar? (Score: 0)

by Anonymous Coward on 2014-10-11 15:06 (#2T7K)

Yes, I was answering myself after I found 802.11w. Still me. :)

Other than the firmware mods (which I gather aren't actually available unless one writes them) your other suggestions are of course untenable.

Starting to seem as if the better approach would simply be a 3G card or dongle directly on each device, removing 802.11 from the picture. This works with most family plans. Pity though, having to spend extra money to dodge the bastards. Of course on their premises they could conceivably jam GSM and CDMA too.