Marriott Fined $600,000 For Jamming Guest Hotspots

schwit1 writes: Marriott will cough up $600,000 in penalties after being caught blocking mobile hotspots so that guests would have to pay for its own Wi-Fi services, the FCC has confirmed today. The fine comes after staff at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee were found to be jamming individual hotspots and then charging people up to $1,000 per device to get online. Marriott has been operating the center since 2012, and is believed to have been running its interruption scheme since then. The first complaint to the FCC, however, wasn't until March 2013, when one guest warned the Commission that they suspected their hardware had been jammed.

Inverse Wi-fi law

Why is it that the most awful dumpy motels always seem to have free, open and strong wi-fi? Many don't even bother with passwords.

Yet it's the expensive name-brand boutique hotels that always charge for wi-fi. And more often not, it's terrible quality, hard to connect and slow?
And, now we see this happening. This never happens at Motel 6.

Has anyone else noticed this- that overall the cheaper and sleazier the motel, the better the wi-fi?

Re:Inverse Wi-fi law

[mspohr]

Plus... often it's other people's money.
Business travelers just charge it to the company.

Maybe we should pour cement down their toilets

[JoeyRox]

To return the jamming favor.

Re:Not surprised in the least

[i.r.id10t]

I just stayed at a fancy hotel in Boston, they wanted $20/day internet access (wired or wireless).

First night I was actually able to connect to the public library a few blocks down the road, but it was VERY slow (3k/sec). After that first night, I was never able to reconnect....

Then I found out the hotel has internet connected TVs, so I plugged my *nix laptop into one of their jacks, got DHCP, and did a (ze)nmap scan to find all the other TVs. Picked one at random, grabbed its MAC address, and spoofed it on my network card. Wallah! Free access.

Charging for 'net access in a $50/night room I can understand - even if it is $10 or so. A $500/night room though should come with free wireless.... strangely in my travels, many cheap places (ie the $50-80/ngiht places I pay for) give free wireless, free coffee, sometimes some sort of free breakfast service, etc and the expensive fancy hotels (that my filthy rich relatives use and pay for, which is why I ended up in one in Boston) not only don't have these as free, but the prices they charge are outrageous ($24 for 2 eggs over medium, hashbrowns, bacon, toast vs. the same meal at Dennys, Waffle House, Perkins, any local diner, etc. for under $10).

Where's my refund then? (personal anecdote!)

[torkus]

So they basically got away with it. $600k when they're charging $250-$1K per wireless account? Yeah...that's fair.

Personal experience:
I was a vendor at a conference in this exact hotel in 2013. Internet access was ridiculously expensive...per account which they prohibited sharing between devices of course. Handy when you're trying to present and sell technical services...and your hotspot doesn't work. Many vendors complained about how their hotspots weren't working, quite a few sucked it up and paid the extortion fee. Now I guess we know why. What I want to know is ... where are the refunds? Where are the damages being paid back? My conference was fairly small (this hotel is beyond enormous mind you) and there still had to be 100+ vendors. We were one of ... I don't know ... 5-10 conferences that weekend?

At a bare minimum the FCC should find them equal to all the WiFi access fees they collected while this system was in place. Would some have paid anyhow? Yes. This is meant to punitive after all.

Oh...and don't let me get started on how they *required* you to "rent" carpet for your booth 10'x10' booth (starting at several hundred dollars) and pay for power connections - another several hundred dollars for the lowest ~300w 110v connection. Then there were fees to receive fedex boxes, fees to store them until you got them, fees to deliver them to you, etc. Want to rent a TV for your display? They quoted something like 6 grand for two 42" TVs with speakers. Yah huh. The vendor that got that quote laughed at them, went to costco and bought two TVs for ~$1500, then raffled them off.

Re:Jamming unlinced spectrum is illegal?

[Mike+Buddha]

The ISM bands are not unregulated. Operations in the ISM bands are not protected from unintentional interference, but the FCC most certainly has the authority to, but chooses to abide by agreements with the ITU deferring to ETSI.

This is exactly what the FCC should be regulating, and not the content of TV or Radio broadcasts. This type of intentional disruption of service should be policed by the FCC.

Re:Jamming unlinced spectrum is illegal?

[torkus]

You're confusing unlicensed with unregulated. The FCC regulates ALL the RF spectrum in the US.

With that said...The rules include:

"...no person shall willfully or maliciously interfere with or cause interference to any radio communications of any station licensed or authorized by or under this chapter or operated by the United States Government"

This was definitely willful and arguably malicious as well.

Re:Jamming unlinced spectrum is illegal?

[jd659]

...WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users... and we did EXACTLY the same thing that Mariott was doing, for just that reason. ... we also investigated the legality of it, and the conclusion we came to was that it was perfectly legal since it was on unregulated spectrum.

According to that logic, I can come with a router backpack and prevent all users from connecting to YOUR university network. Well, it's unregulated, right? You should accept the interference and you cannot ask me to leave (in fact, I can be on a public place to cause you enough of a headache, so all is a fair game).

How did Google get charged exorbitant fees for briefly recording unencrypted wi-fi traffic from their street view cars while everything they did was on an unregulated spectrum?

Re:Jamming unlinced spectrum is illegal?

[Strider-]

As much as I dislike Mariott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users.

Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.

In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’)..

I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who setup their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.

In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP its connected to.

Re:Jamming unlinced spectrum is illegal?

[Strider-]

Am I wrong? That's how I read the whitepaper.

You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.

The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.