Marriott was fined $600,000 by the FCC for intentionally blocking guests from using their personal Wi-Fi hotspots at a hotel in Nashville. The FCC ruled that Marriott blocked consumers who did not pose a security threat. The document discusses the need for rules around Wi-Fi containment that allow hotels to securely manage their networks without harming legitimate users or wasting network resources, suggesting techniques like only containing devices under your control after confirming a violation and doing so surgically to minimize impact.
2. Marriott agreed to pay a $600,000 fine
after the Federal Communications
Commission found the company blocked
consumer Wi-Fi networks last year
during an event at a hotel and conference
center in Nashville.
http://transition.fcc.gov/Daily_Releases/Dai
ly_Business/2014/db1003/DA-14-
1444A1.pdf
RF Shock
@CHemantC
Marriott has agreed to pay a $600,000 fine
after the Federal Communications
Commission found the company blocked
consumer Wi-Fi networks last year during
an event at a hotel and conference center
in Nashville.
Marriott fined $600,000 by FCC
for blocking guests' Wi-Fi
VS
3. http://apps.fcc.gov/ecfs/document/view?id=
60000986872
AHLA Petitions the FCC
@CHemantC
“Wi-Fi Operators Should Have The Ability to Manage Their
Networks In Order To Offer Secure And Reliable Wi-Fi
Service”
“Wi-Fi networks are more susceptible to a variety of attacks
that can threaten the security and reliability of a hotel's
network or pose a risk to guests, including: (i) signal
interception; (ii) unauthorized network access; (iii)
unauthorized access points; and (iv) access point spoofing.”
4. FCC Warning on Wi-Fi Blocking
“No hotel, convention center, or other
commercial establishment or the network
operator providing services at such
establishments may intentionally block or
disrupt personal Wi-Fi hot spots”
Predicament:
Caveats and Partial Coverage of Use
Cases = Confusion.
@CHemantC
5. For the Rest of the Presentation …
Wear your engineering hat
Stay focused on security (WIPS)
Recognize concreate versus haze
Disclaimer: I am NOT a regulatory authority.
My arguments are based on technology knowledge
and civic sense.
@CHemantC
6. http://www.fcc.gov/document/warning-wi-fi-
blocking-prohibited
Any Wi-Fi device that is not mine is security threat,
must be crushed (contained)!
“Marriott International, Inc. deployed a Wi-Fi
deauthentication protocol to deliberately block
consumers who sought to connect to the Internet using
their own personal Wi-Fi hot spots. Marriott admitted
that the customers it blocked did not pose a security
threat.”
“No hotel, convention center, or other commercial
establishment or the network operator providing services
at such establishments may intentionally block or disrupt
personal Wi-Fi hot spots on such premises providing
services at such establishments may intentionally block or
disrupt personal Wi-Fi hot spots on such premises,
including as part of an effort to force consumers to
purchase access to the property owner’s Wi-Fi
network.”
“In addition, we reiterate that Federal law prohibits the
operation, marketing, or sale of any type of jamming
equipment, including devices that interfere with Wi-Fi,
cellular, or public safety communications.”
Brute Force =/= Security
Any Wi-Fi device
in the airspace
that is not mine
is a security
threat and must
be crushed
(contained)!
#WLPC@CHemantC
7. Finesse of Conscious Containment
Is there a way to use containment for
Wi-Fi security (WIPS), without:
Harming legit users sharing the airwaves
Causing airtime wastage
Human intervention
@CHemantC
8. Fin. Con. Con. Rules
1) Only contain devices that you
control
2) Confirm violation before
containment
3) Do containment surgically
@CHemantC
9. Client Containment
Definition:
Blocking specific client from connecting to AP
Clients that you control:
Enterprise assigned clients
For on-boarded clients (BYOD, Guest), take
opt-in permission if you plan to contain them
@CHemantC
10. Client Containment
Confirmed violation:
Block controlled client’s association to
Honeypot/Hotspot/Ad hoc network when it
happens
Surgical deauth:
Don’t disrupt other clients connecting to
Honeypot/Hotspot/Ad hoc network
Well timed, feedback based deauth for minimal
airtime consumption
@CHemantC
12. AP Containment
Definition:
Blocking any client from connecting to AP
APs that you control:
Managed enterprise APs
Rogue APs: Unmanaged APs physically
connected to enterprise wired network
@CHemantC
13. Confirmed violation:
Confirm rogue AP is physically connected to
your network (automatic or manual methods)
Surgical wireless containment:
Do not disrupt neighborhood APs without
knowing if they are connected to your network
Well timed, feedback based deauth for minimal
airtime consumption
AP Containment
@CHemantC
14. Wire-side containment is also an option
Can bypass the FCC issue altogether
Techniques: ARP tarpitting, switch port
blocking
AP Containment
@CHemantC
15. Closing Remarks
FCC vs Marriott spat opened a can of worms.
Regulatory guidance is missing for many use
cases.
Brute vs Fin. Con. Con. as technical matter.
Hope FCC will be clarify its stand on Fin. Con.
Con. and other use cases in future.
@CHemantC
16. Additional Information
FCC order and decree in the matter of Marriott International
Understanding FCC decision regarding Wi-Fi containment at Marriott by
Hemant Chaskar via @AirTight blog
Marriott Fined 600K by FCC for Blocking Guests Wi-Fi via SlideShare
FCC-Marriott WiFi Blocking Fine Opens Pandora’s Box by Lee Badman via
InformationWeek Network Computing
Wire-Side Containment – Hidden Gem of Rogue Access Point Protection
by Hemant Chaskar via @AirTight blog
AHLA Petition: Petition For Declaratory Ruling, Or In The Alternative, For
Rulemaking
FCC WARNING: Wi-Fi Blocking is Prohibited, January 27 2015
http://www.airtightnetworks.com/home/products/AirTight-WIPS.html