Wednesday 8 October, 2014, 05:37 - Spectrum Management
Posted by Administrator
Wireless Waffle last reported on Wi-Fi jamming in the context of 'Wi-Fi free zones' that had been set up by confectionery company Kit Kat in Amsterdam. At the time we examined whether or not the jamming of Wi-Fi could be done legally and concluded that though it was probably illegal, it was a grey area (the jamming that is, not Amsterdam).
It's one thing to try and provide a Wi-Fi free zone by blocking Wi-Fi signals from entering an area, but a completely different thing to monitor Wi-Fi signals and then send malicious data to hotspots to force them to disconnect users. This is, however, exactly what hotel chain Marriott have been found doing at their Gaylord Opryland hotel in Nashville, TN. The FCC have fined Marriott US$600,000 for:
"using the containment features of a Wi-Fi monitoring system ... to prevent individuals connecting to the internet via their own personal Wi-Fi networks"
What appears to have happened is that the hotel had installed sophisticated Wi-Fi monitoring equipment which checked to see what networks were available within the hotel. This equipment would be able to detect any networks that were not authorised by the hotel and then send a 'de-authentication' message to those networks, having the effect of throwing off users connected to them.
The hotel argues that the reason for having such a system was to stop malicious networks being set up and to protect their guests. Take the example where a malfeasant wishes to steal passwords and other information from hotel guests. All they would need to do is set up a 'copycat' Wi-Fi hotspot with the same name (SSID) as those used in the hotel (presumably something like 'Marriott Wi-Fi') in close vicinity to the hotel itself. Hotel guests near the copycat hotspot may inadvertently connect to it instead of the hotel Wi-Fi. In doing so, all of their internet traffic would pass over the copycat network, giving the malfeasant the opportunity to skim it for juicy bits of personal data. Presumably hotel guests make a good source of such information compared, for example, to those sitting in a coffee shop.
In the above example, the hotel's Wi-Fi monitoring system would detect the copycat network and send the necessary de-authentication messages. Any hotel guests connected to the copycat network would then be thrown off and, hopefully, would re-connect to the 'safer' hotel-run hotspots. In the process, the hotel would argue that it was protecting its guests from the malicious intent of the malfeasant. All perfectly sound thinking?
But that is not what the Gaylord Opryland was doing. It was using the same principles to throw guests off of networks they had set up themselves using, for example, Wi-Fi tethering on their mobiles or diddy Mi-Fi devices, and forcing them to use the hotel's own Wi-Fi services. Why? Because it wanted them to pay upwards of US$1000 per day to use the hotel's own Wi-Fi services. In the words once written by a great philosopher, 'naughty, naughty, very very naughty'! Unfortunately for the Marriott, it got caught in the act, hence the nasty fine from the FCC. Of course the reason that guests were using their phones or Mi-Fi devices to connect to the internet was specifically to circumvent the extortionate rates that the hotel wanted to charge for Wi-Fi access.
It is not clear how the guest who reported the hotel to the FCC found out what was happening, or indeed if they discovered anything more than their own Wi-Fi connection dropping out. To detect the de-authentication messages would take as much guile as it does to set up such a facility in the first place. Perhaps in the future, any hotels (Marriott or otherwise) planning on doing the same thing should think twice before holding conferences for ICT professionals, or worse, radio spectrum regulators!
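As an added illustration (not part of the original post), detecting the de-authentication messages described above comes down to spotting bursts of 802.11 deauthentication or disassociation management frames aimed at one network. The Python below parses raw 802.11 frames (radiotap header already stripped) and flags any BSSID hit by such a burst; the sample frames, MAC addresses, threshold and window are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10   # 802.11 management frame subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26:                      # 24-byte MAC header + 2-byte reason code
        return None
    fc0 = frame[0]                           # first Frame Control byte
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None                          # not a management deauth/disassoc frame
    reason, = struct.unpack_from("<H", frame, 24)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_floods(records, threshold=5, window=1.0):
    """records: (timestamp, raw frame) pairs. Returns {bssid: peak count} for BSSIDs
    seeing >= threshold deauth/disassoc frames within `window` seconds (assumed values)."""
    recent, peaks = defaultdict(deque), {}
    for ts, frame in sorted(records, key=lambda r: r[0]):
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        bssid = parsed[3]
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:            # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[bssid] = max(peaks.get(bssid, 0), len(q))
    return peaks

def sample_frame(subtype, dst, src, bssid, reason=7):
    """Constructed test input: frame control, duration, 3 addresses, seq ctl, reason."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed capture: a guest hotspot receiving a burst, one ordinary client leaving.
HOTSPOT, HOME = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02"
CAPTURE = [(10.0 + i * 0.1, sample_frame(DEAUTH, "ff:ff:ff:ff:ff:ff", HOTSPOT, HOTSPOT))
           for i in range(8)]
CAPTURE.append((10.3, sample_frame(DEAUTH, HOME, "02:00:00:cc:dd:99", HOME, reason=3)))
CAPTURE.append((10.4, sample_frame(8, "ff:ff:ff:ff:ff:ff", HOME, HOME)))  # beacon, ignored

if __name__ == "__main__":
    for bssid, n in find_floods(CAPTURE).items():
        print(f"possible deauth flood against {bssid}: {n} frames within 1 s")
```

The source address in these frames is unauthenticated unless the network uses 802.11w management frame protection, so a flagged burst shows that a network is being targeted, not who is sending the frames.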