Jammin', we know you hate jammin' too: Marriott U-turns on guest Wi-Fi ban Marriott has lifted a ban on personal Wi-Fi hotspots in its hotels. Citing concerns about rogue wireless hotspots, Marriott disrupted guests' Wi-Fi networks by flooding the aether with disassociation packets. The move – which meant that guests and conference delegates were obliged to use the (expensive) Marriott-supplied Wi- …
This post has been deleted by its author
… said hotspot is attempting to lure other visitors to connect to it. i.e.
- by appearing to be a Mariott WIFI network (thus possibly someone attempting a MITM attack)
- by appearing to be a rival WIFI business (the network must be for personal use)
OR, if the WIFI network is improperly secured, since OS makers these days seem to think it's acceptable to have devices automatically connect to any open WIFI network (regardless of whether the owner wants it to or if it's legal to do so — a feature I turn off in short order) and having unsecured networks may expose other guests' personal data or enable MITM-style attacks if this were to happen.
However, it really should be detected first, an alarm raised, then a human decides how to act. A person operating such a device maliciously can be asked to leave. A person operating such a device in a non-malicious manner poses minimal risk, no more than what WIFI networks in neighbouring properties would do.
To the Mariott management, sure, DO have rogue access point detection enabled, so that it can flag a warning. Set up equipment so you can triangulate the position of said rogue AP. (There's a business opportunity for someone who can come up with some sensible kit that can do it reliably and inexpensively.) Then a human can decide if the threat is worth acting on.
DO NOT just assume it's a threat and jam it, that will get the likes of the FCC/Ofcom/ACMA/… upset as it will your customers. That is why you got fined. That is why you will be fined again if it continues.
No I'm not an employee or customer of the Mariott, not likely to. Even less likely too in light of these revelations. In fact I'd probably want to avoid staying at any hotel within RF range of a Mariott for these reasons too.
you'd know if something was spoofing a marriott hotspot if
-it gave some decent bandwidth
-you didn't have to go through "no I only want the free rate" dialog box every 24h
-a dialog box designed to be unreadable on a phone.
More succinctly "any time a Marriott wifi gives you a good user experience -it's a malicious base station"
Incidentally, they disable the HDMI ports on their TVs, putting them into "hotel mode", just in case you want to put a laptop or chrome dongle in and watch content of your own, rather than pay for some on-demand cruft coming from a betamax player behind the front desk
More succinctly "any time a Marriott wifi gives you a good user experience -it's a malicious base station"
In my experience (and I used to attend half a dozen conferences a year, between those I was presenting at and the ones I accompanied my wife to), all the chain conference hotels just contract out to one of the specialty providers in this area anyway. They're all terrible, but there's nothing special about Marriott - you get the same lousy service and experience with Hilton, Sheraton, etc.
That said, if I were running a conference hotel, I dare say I'd've contracted out WiFi too, when it became an expected perquisite. The local strip motel can get away with a DSL connection and a handful of COTS hubs; that's not going to fly in a conference hotel, with thousands of people trying to use the service simultaneously in a whopping great building full of steel and concrete. Unfortunately the suppliers that cater to hotels are rubbish, and the hotels all decided to try to turn it into a profit center.
This post has been deleted by its author
Oh, sorry squire, I scratched the record network -
sorry squire, I scratched the record network -
sorry squire, I scratched the record network ...
you can bet they'd lose almost all of their business customers
Not quickly. Many of the big conferences book hotels years in advance - prices are much better that way - and I've been to lots of conferences where cell reception was poor to nonexistent in the conferences rooms themselves, and people just went to the halls and lobby to make calls (send texts, Instagramnulate, use WhatASap, or whatever those damn kids do with their "phones" these days). It's an annoyance, and people complain, and they send nasty emails to the organization that runs the conference and/or the hotel, and then a week later they've forgotten about it.
JAMMING is against FCC rules. SHUNTING (which is what the Faraday cage does) is not.
The difference is that the former is an active method that involves flooding the airwaves with garbage. Since that has inevitable knock-on effects, doing that has been considered bad radio behavior since the tuned circuit was invented. And the FCC takes a firm stance that you're not allowed to interfere with anyone else's radio business without government sanction (and they usually reserve those for emergencies).
The latter is completely passive and, so long as it's only applied on a person's property, reflects a stance of the owner and doesn't usually affect anything outside the shunt. About the only exception I could see is if such a shunt stands between you and the transmitter.
More and more hotels are wising up to the fact that easy internet access is fast becoming as expected of the room as a bed is. I would say the day is approaching where discovering the net connection is not included is looked on with the same disdain as finding out there's no en suite in your room.
If they want to keep charging for Wifi and signal jamming, I say let them and watch the customers vote with their wallets.
Heck, around this town even the laundromats are competing in offering free WiFi.
Tell you what - you spec a WiFi network and Internet connection suitable for typical guest load for a laundromat and a conference hotel, and let us know if there's any difference.
Conference-hotel WiFi (like most conference-hotel amenities) is crap service at ridiculous price, but it is in no way comparable to what a strip motel or similar-sized business has to do for its "free" WiFi. Making that comparison is like complaining that a bus can't get the same mileage as a motorcycle.
"Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels."
There's your problem. You shouldn't be encouraging anybody to trust the security of your network. lUsers need to be taught not to trust any network they don't own, and what protections they need to take before using someone else's network.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
