But did they make more than $600K from the policy? I can see them getting that from one convention worth of connection fees.
the article so nice, it was posted twice.
wow. i wonder how deep the rabbit hole goes. was it just unscrupulous management at this one marriott, or was it higher up ?
That is a completely fabulous question. I’m curious whether or not this allows civil action. Because if you have a bunch of exhibitors who want their, say, $50,000 back from a few events there, that’s probably worth suing over with Marriott already agreeing to consent order. I’m not sure if the FTC gets involved (because this may be a fraudulent contract issue), etc. I’ll keep watching it. They could conceivably have to pay out millions.
Imagine if Marriott was doing this nationwide? No proof, but they’re barred from engaging nationwide. Could be a significant issue if it turns out they were.
I’m surprised that he FCC acted in such a business-hostile manner. Whatever happened to regulatory capture?
They’re not in bed with hotel chains?
Too many bugs.
We aren’t far enough in the future yet for real smart antenna arrays with adaptive pattern (think a single-chip version of a phased-array radar). That way the source of offending packets could be detected on the device, and the antenna pattern adapted to become low-sensitive in that direction. The antenna can track the other side’s antenna and send most of the energy in that single direction, instead of uselessly broadcasting to all sides. This will be a crucial step for lowering the power consumption of phones, so a matter of time to become common. (Go on, go on…!) As a bonus, “dumb” jamming will become more difficult.
A workaround is connecting the devices via Bluetooth networking. No deauth there. More difficult to set up and not always working.
A more advanced remedy, but limited to those willing to do kernel hacking on both ends of the link, is to have the deauth packets signed and have an option to reject unsigned ones. (Does that patch exist already?)
Rough idea. With a fast-enough software radio, could a local jammer detect a deauth packet header before it finishes, and send a burst of jamming signal in time to damage its end and prevent its reception by the device? (Would be problematic, these are pretty short. Todo: find how long, calculate their physical length in-air from packet length in microseconds and speed of light.) A jammer of a jammer?
Edit: According to here, the deauth packet is 28 bytes (assuming no payload). The last 4 are frame check sequence, aka checksum and error correction. The frame control field is first two bytes, the deauth bit is in the first one. So there’s a plenty of time between detecting the beginning of the frame and finding it is a deauth one, and receiving the checksum at the end.
If the jammer can send a jamming burst before the end of the packet, and damage enough bits beyond recovery, the packet will be discarded and won’t be acted upon. This would require a software radio board with both the reception and broadcast capability, and built-in FPGA for processing the data as there is no time to send them to the host computer for processing. (The “plenty of time” can evaporate pretty fast as the various delays stack.)
Yay for electronic warfare!
Also, the 802.11w spec seems to have solution for this.
The Salt Palace Convention Center in downtown SLC was doing the same thing around 2012. I worked IT support for a convention services company and we routinely used the 4G hotspots for connectivity for our reps’ laptops. I found out the center was doing this to our hotspots and reported them to the FCC. The workaround required us to plug-in to the laptops via USB and then use them as a modem instead of a wifi hotspot. I complained to the convention center staff and to the local newspaper’s tech guy. Not sure whatever happened with it as I have since changed jobs.
What’s a good way to detect and confirm these deauth attacks?
I was looking into that. It involves free software that’s not hard to use, but it’s not user friendly to parse. You can use airo-dump, but then you have to be able to read the output and interpret it. Perhaps someone will make a simpler tool that could use this software as the basis and just look for a few signs of certain behavior?
Maybe grep the output (or use tcpdump/wireshark with an appropriately set packet filter) to show only the deauth packets?
…could this be done as a smartphone app?
Worth noting that an IT friend said via Twitter that this sort of behavior is useful for shutting down “rogue hotspots,” which in an enterprise setting is useful. Many companies (or buildings) don’t want to have random Wi-Fi hotspots running, and the “jamming” wouldn’t be violating consumer-related principles because the people operating the hotspots would be employees or company visitors operating under the agreements of their employment or entering the building/campus, etc.
However, Marriott and others face two issues. First, they are a place of public accommodation, even though they are private businesses. They cannot refuse anyone’s business for discriminatory purposes and are subject to other laws. Some of that may apply here, because they are open to and serve the public. Second, they are specifically attempting to prohibit people from engaging in lawful activities that they are not allowed to, even if guests ostensibly signed contracts stating they wouldn’t! There are many cases in life in which a signed EULA or NDA or whatever contains unenforceable provisions.
The FCC’s consent decree, to which Marriott agreed, states that the reason for the Gaylord property shutting down other access points was specifically for commercial reasons, not for network management. Truly hostile APs can still be shut down, and that is what they will have to report to the FCC on as part of their compliance.
Remember that hotels and conference centers typically sell exhibitors Ethernet drops, not Wi-Fi. (I was reviewing one convention center document this morning that specifically said that Wi-Fi wasn’t a good way to contract with the center for access during events.)
But it should be noted that there are absolutely legitimate and (ostensibly) legal reasons for blocking rogue APs, when they are truly for network management or campus/enterprise control purposes.
There is no legal basis for interfering with access points that you do not own – whether they are on your property or not. It is a violation of FCC regulations (and likely a violation of other laws as well).
Wow, and I thought it was always just them building their facilities like WWII bomb shelters that makes internet at convention centers so terrible.
This must have been easier than producing a decent product at a reasonable price. It is always crap internet at convention centers.
It has been tacitly allowed: the FCC has to my knowledge not done any enforcement actions about this activity on private property, probably because they’d have to get a complaint from someone, and that would be likely an employee or contractor of the firm doing the rogue AP shutdowns.
However, this might produce some new concerns about rogue AP shutdowns everywhere. If it’s clearly illegal and one could be fined, this negates any agreement one would make about network usage, whether a student, employee, etc.
That absolutely used to be true. In the 1990s, hotels etc. were paying $1,000s to $10,000s per month to bring in bandwidth and run drops and all kinds of stuff. It was expensive and hard to recoup and so forth. But when it became relatively cheap, they didn’t change. Let’s for the sake of argument say it’s a sensible price given convention center overhead to charge $500 for three days of 3 Mbps access to an exhibitor in a trade show. Most are charging $5,000 to $10,000 for that. That’s insane unless you’re in a coercive, captive market.
Well they have labor and facility cost to recoup too. The real problem here is the same as airline bag fees. They sell their facilities for next to nothing and then bill absurd amounts for everything you consume once you walk in the door. Its a deceptive pricing method that leads to problems like the one we see here.