adds Marriott to the list of businesses I’ll never visit again.
This won’t fly. Even FCC is not this dumb.
In case they get bribed, and/or in case of other countries where various subjects try pulling this crap, there still are ways, though less comfortable - but admittedly fairly low-tech. Before the Revolution (saying this always makes me feel old) the Radio Free Europe, the source of pro-western propaganda and the counterweight of pro-Soviet propaganda, was frequently jammed here. If you weren’t directly in line between the transmitter and the jammer, the workaround was wrapping the radio to a cooking metal foil, and attaching an external antenna in the form of a long wire, oriented in the right way so it got maximum signal from the transmitter and minimum from the jammer. When the radio had no external antenna port and you did not want to tinker with the insides, sometimes even just a few turns of the external antenna wire around the radio was sufficient to couple the signal to the internal antenna, making the wire a passive reradiator,
Same shield-and-couple tricks will be possible to do with the personal hotspots.
Jamming? This means war! War, I tell you!
But seriously, this is just a continutation of the hotel’s 20th century business idea, when they would gouge all the guests on phone service. Just dial ‘9’ for an outside line, right? We’ll just put it on your bill.
Now that everyone carries mobile phones, that business model is well and truly defunct. Maybe they can bill eveyone per DHCP session on the ethernet cable to their room. Yeah, that’s the ticket.
But nobody wants to fool with ethernet cables, and with more than a decade of experience with free/cheap WiFi in coffee shops and other hipster hangouts, people don’t really want the hotel to gouge them for WiFi. It isn’t like the personal hotspot is free, anyway, you have to pay for those little boogers.
So the bottom line is that Marriott is trying to revive a business model that is now dead for about twenty years, and failing. #megafail
As dacree said above, I am doing the same thing. I don’t travel much, but I use my own WiFi hotspot. I NEVER use the hotel’s. Ever. That is simply because I know nothing about their computer security while I know everything about mine. Now that Marriott is trying to block that personal hotspots, I will no longer give them my time or money. Even if they don’t succeed. The fact that they are making this attempt shows how they think.
Note that the industry association that represents nearly all hotels is co-filer on this petition, and Hilton separately filed in support of the petition.
My mobile AP has an ssid of “notahoneypot”.
…(it’s a honeypot)
“This typically involves sending deauthentication frames—frames are data packets in the wireless world—that either or both spoof the client or base station. (This is also a way to launch a denial-of-service attack, by a rogue hotspot spewing out such frames against legitimate local usage.)”
Guess what one of my old smartphones will be doing against the hotel’s network when I travel if this goes through…
Of course, from what I understand if you use a WPA2 network you can defeat the deauth attacks. Jamming? Not so sure, but what’s sauce for the goose is certainly sauce for the gander.
I did some more reading and it doesn’t mitigate the attack because it happens outside the handshaking for the secured session. Well… that sucks.
Does DD-WRT, Tomato, OpenWRT, etc. include anything that delays the deauthentication scheme to see if more packets come through, and ignore it if it does? My travel router has DD-WRT but can run most of those, IIRC.
Well thank goodness they’re acting to protect the children… somehow…?
That’s an oddly specific stock photo. “Man with broken leg gets poor WiFi reception by pool” ?
All fun and games until someone starts leaving portable jammers around to kill the Marriott’s WIFI in return.
Unfortunately, “senior in fursuit frustrated by MiFi Hostpot failing under sustained deauthentication attack at Marriott Marquis San Diego Marina” was already licensed by Bloomberg.
That made me snort.
Good info but aside from Hilton, I’ll give the others the benefit of doubt.
No, sadly — deauth still works with a WPA2-protected network. People will use deauth to force new four-way handshakes to capture data that can be used offline to crack weak WPA2 Personal passwords. However, my understanding is that you can build client software (or base station firmware) that is deauth-attack resistant. I don’t believe any widely used laptops or mobiles have this built in, though.
It’s sort of hilarious. The argument in the petition and some comments is that because some networks, by law or school regulation, require filtering content, the ability for someone to use a Wi-Fi hotspot that isn’t subject to those rules would somehow hurt children.
Which ignores the fact that most of the use in question is from a cellular device (phone, tablet, etc.) which has Internet access of its own, and isn’t proposed to be blocked. And can be used in tethered USB or Bluetooth mode without restriction. So, really, there’s no benefit at all except in connection sharing.
This could get interesting when the yet-to-be-written Android app to emit de-auth packets to the hotels
networks get widely distributed.
When we were traveling through the US we were shocked that pre-paid plans there don’t allow tethering. So it probably wouldn’t affect their international guests.
My wife forked out for a 2 gig data plan and barely used any of it.
Also we couldn’t get a sim for our phones at Honolulu airport while waiting for our connecting flight.
Over here (Australia) you can get a pre-paid sim at supermarkets, convenience stores, petrol stations, etc. Almost all of which allow tethering.
Frustrated Man With Laptop And Broken Leg? - WE GOT THAT B ROLL!