|
I used to work at a wireless mesh company that was putting up a free mesh network
in Mountain View, CA. We received complaints about trouble getting on the network
when people were in a certain public park. After much investigation it turned out that a
company across the street from the park did not want their employees to connect to
the free mesh network and set their APs to disassociate anyone that tried to associate
to it— it was the "attack rogue AP" option. They apparently thought this would only
affect people in their building but it actually affected a large portion of the park itself.
Sounds like what Marriott was doing. And I'm sure Marriott thought it was a feature.
Dan.
FYI, another misuse of long-lived identifiers. In this case, the Privacy Threat is the use of MAC addresses to impersonate users and send the wrong
packets to the network:
“After conducting an investigation,
the Enforcement Bureau found that employees of Marriott, which has managed the day-to-day operations of the Gaylord Opryland since 2012, had used features of a Wi-Fi monitoring system at the Gaylord
Opryland to contain and/or de-authenticate guest-created Wi-Fi hotspot access points in the conference facilities. In some cases, employees sent de-authentication packets to the targeted access points, which would dissociate consumers’ devices from their
own Wi-Fi hotspot access points and, thus, disrupt consumers’ current Wi-Fi transmissions and prevent future transmissions”
Regards,
Juan Carlos
John
Notor
President/Chief Technologist
Notor Research
Mobile: 1.408.316.8312
---------- This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.
|