Apparently Marriott jamming wifi is trending now. As someone who has done a lot of research and practical work with wifi, wearing both white and black hats, let me try to clear up some confusion... Marriott (and other hotels) have, on and off, attempted to force users to pay for the in-house wifi services rather than use hotspots or other WIFI-based tethering by blocking (not jamming, a technical difference Ill explain in a bit) these hotspot devices using technology meant to defend a corporate network from hostile intruders using a rogue access point on that corporate network. This misapplication of a security tool has landed Marriott in hot water with the FCC (rightly so) because all WiFi gear is licensed under FCC Part 15, which states that devices licensed under this part cannot cause deliberate interference to other stations. Now some technical details: This isnt jamming. People using that term are either misinformed or repeating something they heard - again, from someone who was misinformed. Jamming is done with bursts of radio frequency (RF) energy, typically without any signal modulated within that burst. Essentially, radio jammers work by sending a loud burp of noise across the radio spectrum in the range they are designed to jam. Blocking WiFi signals selectively (remember, these hotels dont want to disrupt users on THEIR wifi, only the people who use their own hotspots) takes something more sophisticated. When a device connects to a WiFi access point (AP), it first has to negotiate authentication (yes, even on an open network). The client asks the AP to associate, the AP grants the association and then (if encrypted) a cryptographic key exchange happens. Those security tools I mentioned, meant to stop rogue (unauthorized) access points from being used to grant illicit access to a corporate network? They work by impersonating the target AP. Each network device has a MAC (media access control) address - this is an unique hex number that identifies a wired (ethernet, usually) or wireless device. Lets say I take a Linksys AP from home and try to hide it in a wiring closet at a bank. Even if I choose a hidden SSID (network name) for my illicit network, the packets in the air still have my APs MAC address on them. These security tools can identify this MAC address as not being an approved device, and heres where the selective part comes in: they IMPERSONATE my AP by forging the MAC address of my AP, then sending a packet to any associated devices saying deauthenticate - meaning that my session is over. Since a receiving station cant tell if it was the real AP or an impostor, it will terminate the association with the AP, disconnecting from the wireless network. Now if Im using a Verizon, Sprint, AT&T or T-Mobile hotspot instead of an AP attached to the corporate network, Im not breaking the law, right? Of course not. Im not stealing access to someones corporate network - Im using a commercial service that I PAY FOR. Still these hotels are misusing this technology to block hotspots and phones with hotspot functionality (by forging the same deauthentication packets), in a bid to force users to use their (often slow and oversubscribed) pay-for-use WiFi.
Posted on: Fri, 26 Dec 2014 00:22:07 +0000
Trending Topics
Recently Viewed Topics
© 2015