Google, Microsoft, Wireless Carriers Form Rare Alliance To Battle Marriott's Dumb Wi-Fi 'Jamming'
from the a-fight-you're-just-not-going-to-win dept
Back in October we noted how the FCC had fined Marriott $600,000 for the company's decision to block cellular signals in the company's Gaylord Opryland Hotel and Convention Center in Nashville. The move was pretty clearly intended to prevent people from using their tethered modems and cellular hotspots, instead forcing convention attendees to use Marriott's absurdly pricey (and frequently awful) Wi-Fi service. While Marriott agreed to pay the fine, the company tried to feebly defend itself by proclaiming it was only looking out for the security and safety of their customers (what a sweetheart):"Marriott has a strong interest in ensuring that when our guests use our Wi-Fi service, they will be protected from rogue wireless hot spots that can cause degraded service, insidious cyber-attacks and identity theft," the statement said. "Like many other institutions and companies in a wide variety of industries, including hospitals and universities, the Gaylord Opryland protected its Wi-Fi network by using FCC-authorized equipment provided by well-known, reputable manufacturers."While Marriott is bullshitting their way around what's clearly a transparent ploy to make money, both Marriott and some observers have argued that what Marriott's actually doing may not technically be illegal under anti-jamming provisions of section 333 of the Communications Act. That's because Marriott isn't technically jamming cellular signal, it's using a deauthentication attack -- or sending packets that misleadingly disrupt communications between a client and router, making using your mobile hotspot or tethered modem impossible. Hardware vendors commonly sell gear that can accomplish this, and the practice is very common at hospitals, some corporate campuses, and events like Defcon.
Of course even if Marriott were able to successfully legally argue this defense, it doesn't mean it isn't behaving badly. The FCC also seems unlikely to listen as some very heavy hitters this week entered the conversation. In a rare show of solidarity for companies often on very different sides of key tech issues, Microsoft, Google and wireless carriers have joined forces to yell at Marriott in new filings with the FCC. All of the filings argue that yes, Marriott's behavior does violate Section 333, and yes -- it's really just about Marriott being uncompetitive to make money:
"The Commission’s authority to prohibit the interference described by Petitioners is found in the plain language of Section 333 and supported by general grants of power in Section 303, as well as other provisions of the Communications Act. Contrary to Petitioners’ allegations, moreover, the Commission’s Rule 15.5(b) does not exempt unlicensed devices from protection against intentional, harmful interference. Under its statutory authority, and consistent with its Part 15 rules, the Commission has categorically warned against the use of equipment that blocks or jams authorized communications and recently found against the exact practices described in the petition."Given the Sisyphean feat of battling the government, public perception, and some of the most wealthy and politically powerful technology companies in the world just so you can sell some over-priced Wi-Fi, the path of least resistance for Marriott would probably be to just stop behaving like a jackass.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: fcc, hotels, wifi blocking, wifi jamming, wireless
Companies: at&t, google, marriott, microsoft, verizon
Reader Comments
Subscribe: RSS
View by: Time | Thread
And desire for money. But in this case, I really think it's the jackass portion that's going to stick out.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Which?
We block wifi at work. Supposedly the range doesn't extend out of our building (which is surrounded by parking lots) and the vendor claims secret sauce that will only kill unauthorized WAPs plugged into our network. I have my doubts.
[ link to this | view in thread ]
[ link to this | view in thread ]
DEFCON Wifi Jamming
DEFCON does not officially jam wifi during the conference. They jam wifi access points that use the name DefCon (or whatever SSID they are using) to prevent rogue access points. They don't prevent folks from setting up rogue access points, just rogue access points that are obviously rogue. DEFCON attendees may jam wifi, but they aren't doing so in any official capacity.
However, anyone using wifi at DEFCON, or for that matter, any electronic device, should be using a throw-away device that will never be used in any setting other than DEFCON. The old adage goes, turn off anything electronic when entering Las Vegas during DEFCON, and don't turn it back on until you leave.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Which?
From what I've read, they only blocked wifi. There was nothing preventing folks from using USB to tether. The problem with this is that it requires someone to connect a hard-wired network device to a USB connected hotspot and then run the connections via ethernet to the computers they wanted. Wifi is just a hell-of-a-lot easier and more efficient for connecting systems to the internet.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
WiFi, and other applications that use the ISM band (2.4 gHz) are specifically designed not to be jammed by broken Microwave oven's, and are specifically licensed by the FCC to operate in the ISM band (it is illegal to use a device that is not licensed by the FCC, which is why my cantenna doesn't come out when the FCC is around.)
GE gets away with it partly because they attempt to shield their devices so that they don't inject a lot of interference. All microwave ovens have to have an FCC-issued Equipment Authorization (as does any other device that emits radio noise.) If you took a microwave apart and built a device using the magnatron from the microwave to specifically jam wifi, I suspect the FCC van would be arriving at your house shortly to make life miserable for you.
[ link to this | view in thread ]
The deauthentication attack works because the 802.11 standard doesn't encrypt deauthentication packets being sent between the wireless router and the clients connected to it.
So all an attacker needs to do, in this case Marriott, is look for any wireless routers broadcasting in their hotel. Spoof that routers MAC address. Then broadcast deauthentication radio messages that pretend to be coming from the wireless router attempting to be blocked.
Wifi clients will believe this spoofed deauthentication message was really sent from the legitimate router, because the MAC address matches. There's no encryption or strong authentication standards for deauthentication messages in the 802.11 standard. Only MAC address authentication, which is easily spoofable. WEP, WPA, and WPA2 don't encrypt deauthentication messages.
There's two ways to prevent such attacks. Either manually patch your open source wifi adapters firmware and/or drivers so they ignore deauthentication flooding.
if(deauth_req_count > 2 && last_time_deauth < (10 * SECONDS)) ignore_deauth_req(10 * MINUTES);
http://hackaday.com/2011/10/04/wifi-jamming-via-deauthentication-packets/#comment-471998
Or simply tether your laptop to your smartphone using a USB tether cable.
[ link to this | view in thread ]
We run our own hotspots (including a wall-o-sheep, sponsored by DC404; and one based on a rasperry pi. Plus a connection for the space track to run their late-night live astronomy in Chile) and not noticed any issues. You can bet we'll be on the lookout for any issues.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
It may be Marriott corporate wanting to squeeze a little extra profit out of hotels actually owned by Marriott.
Of course, with the room and parking rates the hotels charge during Dragoncon, they don't need to charge for wifi...
[ link to this | view in thread ]
What Is A “Rogue Access Point” Anyway?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Which?
If you have and Android phone, you may be able to just plug in a USB OTG cable to your phone and an open USB port on your laptop.
Turn on "USB tethering" in the "Settings > More... > Tethering & portable hotspot" settings, and you're good to go. No wifi needed.
This will also charge your phone using the laptop's battery or power supply if plugged in.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Can The FCC Regulate Above The Physical Layer?
As I understand it, Marriott is not actually jamming the signals (which would require transmitting signals beyond the legal power limits), merely sending spoof packets that cause the connections to drop.
Does the FCC have the power to regulate this sort of thing? It seems to me it would have no say on what protocols (or perversions of protocols) people use on these bands, just so long as everybody stays within the power limits.
[ link to this | view in thread ]
Re: Re: Re:
Just curious, when is the FCC around?
[ link to this | view in thread ]
Re:
Other Mariott-owned chains do include wifi, it's just the hotels actually called Mariott that charge for it (IIRC).
[ link to this | view in thread ]
Re: Re: Re: Re:
I occasionally see an FCC SURVEILLANCE VAN SSID appear in my war-driving logs...
I see a lot more FBI SURVEILLANCE VAN and NSA SURVEILLANCE VAN SSIDs lately, so I think they are more active.
;-)
Seriously though, I don't even bring my cantenna with me to the airport any more...the TSA guys get really excited when they see a Pringles can with wires and metal rods in it going through their checkpoints.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Well, it doesn't take much to get those guys going.
[ link to this | view in thread ]