Slashdot Mirror
FCC Prohibits Blocking of Personal Wi-Fi Hotspots
alphadogg writes: The FCC on Tuesday warned that it will no longer tolerate hotels, convention centers or others intentionally interfering with personal Wi-Fi hotspots. This issue grabbed headlines last fall when Marriott International was fined $600,000 for blocking customer Wi-Fi hotspots, presumably to encourage the guests to pay for pricey Internet access from the hotel.
I would have been first had my WiFi not been jammed!
Can they prevent wireless companies from blocking hotspots next?
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Private hotspots aren't on your network.
It little behooves the best of us to comment on the rest of us.
If they won't let me unplug my employees private hotspots on my network, I will be mad.
You can unplug them. You just can't actively jam them.
Faraday cages don't jam signals. They insulate the inside from the outside.
You have to have a free pool to get a 5 star rating. Too bad the ratings companies around the world haven't required decent and free Wi-Fi. Major hotel chains would change their offers in a hurry when they are down rated to a 4 star hotel.
It would be legal to build a faridaycage around your hotel.
Illegal is transmitters that jam a band. They would need to be FCC approved. And the FCC isn't approving them.
Just like modems on laptops or in the server room are not a security risk?
The problem is that people can, and do, connect the same device simultaneously to the hotspot or the modem and to the internal network. And then they port forward. I've certainly caught people doing this, especially among non-technical staff who try out "this cool thing they read about". I'm afraid it's often even worse among software architects who use passphrase free SSL or SSH keys "to save time", who lock their passwords to never expire, and who are very careful never to explain what they're doing to anyone else.
I've encountered far too many cases of such setups used for business critical services, unknown to anyone else, that collapse during network cleanup efforts or when the employee finally moves on.
If the employees are turning on their personal hotspots and using that, you don't have a security problem. If they are both connecting to the hotspot and to your network, you can stop this by booting them off your network. What you can't do, though, is put a hotspot jamming device in place to knock out all personal hotspots.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
I worked NetSec for a global casino/resort company. At nearly every site a few times a month I would send local IT to go find wifi routers plugged into our network. Employees would bring in cheap routers because we didn't allow wifi other than the guest network which was strictly for corporate visitors (ie. sales reps, etc) and they wanted to use their personal devices for whatever. This happened even at corporate, where I sat.
Fifty watts per channel, baby cakes.
> If the employees are turning on their personal hotspots and using that, you don't have a security problem.
If they connect anything that lives inside your network, at any time, or that even has a VPN connection your internal networks at any time, you have a security problem. It may be one you choose to accept as a matter of policy, but the risk is very real. Worse. Most admins simply do not have the tools are buy-in to review and monitor systems for gateways, remote console access, or network tunnels that may expose your internal network through precisely such a hotspot or modem access.
I agree that by current regulation you may not run a hotspot jammer. The FCC regulations are quite clear about this, partly because they block other cellular communications and services such as telephones and GPS. But I'm afraid I disagreee vehemently with you that their use does not constitute "a security problem".
What I find most baffling about the whole affair is how something that one would ordinarily think of as a fairly overtly malicious exploit, spoofing the appropriate management frames to break a network you don't have authenticated access to the configuration interface for, became a 'respectable' tool for 'management', even included out of the box in fancy commercial products from vendors with risk averse legal teams and so on.
This seems like the place where somebody who has been dealing with enterprise wireless gear long enough to have observed the change might be found. Did this 'feature' cross over from what was initially a proof of concept by a security researcher? Was it recognized as a possibility before the standards had even been hammered out and was available from day one? Do we know what vendor adopted it first? Were there any who specifically didn't offer it for legal, rather than technical, reasons?
At this point, it is certainly the case that at least some wireless management consoles adopt a very...possessive...tone, detecting 'rogue' APs, despite those APs being no more or less legitimate than any others, in terms of spectrum use, and offering 'containment' or various similarly clinical euphemisms for dealing with them. How, historically, did it come to be that this nasty DoS trick went all legitimate, even as generalized hacker hysteria can get you a stiff dose of CFAA charges for almost anything that involves a CLI and confuses the DA?
I'd love to have my hands on all the versions of various vendors' wireless management and administration packages, to see how this feature evolved over time. I can certainly see its appeal; but I find it hard to believe that nobody had serious doubts about its legality from time to time.
If I jammed the hotels WiFi it'd be a criminal (more likely 'terrorist') attack. Should I be surprised there isn't a criminal investigation into hotels doing this to it's own customers?
1. Your stupid policy of no wifi created the behaviour.
2. Authenticate physical connections to your corporate LAN. This function has been built into most non welfare switches for at least 15 years