Slashdot Mirror
Marriott Fined $600,000 For Jamming Guest Hotspots
schwit1 writes: Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own Wi-Fi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online. Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed.
Probably trade show booths. $1k is not an unusual cost of doing business internet fee for a convention. Oh yes, it's absurd. And yes, people will pay it if that means they can peddle their wares and make some deals.
They didn't jam the spectrum, they sent de-auth packets to the clients making it impossible for them to use the hotspots.
I think it's because cheap hotels are for regular travelers and nice hotels are for people traveling on business who will be reimbursed by their employers. Even for expensive hotels, the prices are pretty minuscule compared to what a big company can afford, so money is really no object for them. So the employees book at expensive hotels because it's kind of a perk of traveling for their company, and private individuals book at cheap ones because that's what they can afford.
is that now that's less money that Mariott can donate to the Mormon church. Anything to deprive that cult of funds is a good thing.
I have, for years, because of Marriott's cozy relationship with the Mormons, refused to stay in one of their properties or any property owned by same.
So they basically got away with it. $600k when they're charging $250-$1K per wireless account? Yeah...that's fair.
Personal experience: ... where are the refunds? Where are the damages being paid back? My conference was fairly small (this hotel is beyond enormous mind you) and there still had to be 100+ vendors. We were one of ... I don't know ... 5-10 conferences that weekend?
I was a vendor at a conference in this exact hotel in 2013. Internet access was ridiculously expensive...per account which they prohibited sharing between devices of course. Handy when you're trying to present and sell technical services...and your hotspot doesn't work. Many vendors complained about how their hotspots weren't working, quite a few sucked it up and paid the extortion fee. Now I guess we know why. What I want to know is
At a bare minimum the FCC should find them equal to all the WiFi access fees they collected while this system was in place. Would some have paid anyhow? Yes. This is meant to punitive after all.
Oh...and don't let me get started on how they *required* you to "rent" carpet for your booth 10'x10' booth (starting at several hundred dollars) and pay for power connections - another several hundred dollars for the lowest ~300w 110v connection. Then there were fees to receive fedex boxes, fees to store them until you got them, fees to deliver them to you, etc. Want to rent a TV for your display? They quoted something like 6 grand for two 42" TVs with speakers. Yah huh. The vendor that got that quote laughed at them, went to costco and bought two TVs for ~$1500, then raffled them off.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
Technically this wasn't jamming - it was a DoS through wifi deauth attacks.
Actually jamming other wifi routers while keeping yours up would be extremely tricky or maybe impossible.
"When information is power, privacy is freedom" - Jah-Wren Ryel
its not a $1k fee for internet, ever
Not everyone at the hotel is staying in a room at the hotel.
Do they hold business conferences there? Our company sends me to man the sales booth at conferences/expos all the time, and the hotels charge us ridiculous rates. I haven't gotten to $1000 yet, but the last one was at a Radisson which had a $150 "setup fee" plus $80/day per device for a two day conference (I expensed $20 to turn on my sprint hotspot for a month to run our demonstration ipad and ipod touch).
If I have been able to see further than others, it is because I bought a pair of binoculars.
To play devil's advocate - That's pretty much what the people here were trying to do - prevent a disaster like what happened at the 2012 Big Android BBQ, where exhibitors/speakers couldn't use the network because it was completely jammed, or 2013 BABBQ where they at least kept most people off of the convention center network but all of the hotspots around caused everyone's wifi to be flaky.
Keep in mind this happened at a single Marriott location which was a convention center - it's not standard corporate policy. I've been staying at various Marriott hotels for years and the wifi has always been free.
retrorocket.o not found, launch anyway?
As much as I dislike Mariott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users. Apparently, the FCC wasn't even concerned with the frequencies that Mariott was using, it was the fact that they were sending de-auth packets that bothered them. This is not the sort of thing FCC should be regulating. In fact, the technique used by Mariott is commonly used in many locations (hotels, universities, hospitals) that provide their own WiFi in order to prevent rogue setups from intercepting people's data, and possibly even redirecting traffic to their own phishing sites. (Not everyone checks that the SSL certificate fingerprints haven't changed when they log in to their bank account!) I used to work in the IT department at a university and we did EXACTLY the same thing that Mariott was doing, for just that reason. (Unlike Mariott, we didn't charge people to use our WiFi, but that should make no difference as far as the FCC is concerned.) When we set up that system, we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum. In fact, many, if not most, commercial WiFi systems have this function built in. Ours certainly did, we only had to turn it on.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
...and spoofed it on my network card. Voilà! Free access.
FTFY.
I live ze unknown. I love ze unknown. I am ze unknown.
You're confusing unlicensed with unregulated. The FCC regulates ALL the RF spectrum in the US.
With that said...The rules include:
"...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government"
This was definitely willful and arguably malicious as well.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
First of all, WiFi operates on UNREGULATED
This is completely and patently false. There ARE regulations on wifi. They are merely moved into the unlicensed spectrum which is NOT the same thing as unregulated. Granted, the regulations are pretty few, they are NOT non-existent.
As much as I dislike Mariott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users.
Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.
In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’)..
I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who setup their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.
In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP its connected to.
...si hoc legere nimium eruditionis habes...
Am I wrong? That's how I read the whitepaper.
You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.
The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.
...si hoc legere nimium eruditionis habes...