
Re: [STDS-802-Privacy] FW: [802SEC] Marriott agrees to $600k payment to resolve FCC investigation into Wi-Fi blocking



It is a common problem in wireless networks that permit non-authenticated state change messaging (for stateful technologies). Most modern wireless networking technologies overcome this problem by requiring either ciphering of state change messaging or at the very least authenticated signatures on state change messaging (hash of CMAC or HMAC digest, for instance).

 

I would consider this more of a security issue than a privacy issue. The attacker may have no interest in the specific identity of a true user, only the need to sniff traffic out of the air and be able to identify a consistent identity of the true user such that the attacker can create a bogus state change message. I am not sure that privacy could or should attempt to address this problem. Security, certainly.

 

Thanks,
Phillip Barber

 

From: Dan Harkins [mailto:dharkins@xxxxxxxxxxxxxxxxx]
Sent: Friday, October 03, 2014 1:05 PM
To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-Privacy] FW: [802SEC] Marriott agrees to $600k payment to resolve FCC investigation into Wi-Fi blocking

 

 

  I used to work at a wireless mesh company that was putting up a free mesh network in Mountain View, CA. We received complaints about trouble getting on the network when people were in a certain public park. After much investigation it turned out that a company across the street from the park did not want their employees to connect to the free mesh network and set their APs to disassociate anyone that tried to associate to it — it was the "attack rogue AP" option. They apparently thought this would only affect people in their building but it actually affected a large portion of the park itself.

 

  Sounds like what Marriott was doing. And I'm sure Marriott thought it was a feature.

 

  Dan.

 

On 10/3/14 10:35 AM, "Zuniga, Juan Carlos" <JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx> wrote:

 

FYI, another misuse of long-lived identifiers. In this case, the Privacy Threat is the use of MAC addresses to impersonate users and send the wrong packets to the network:

 

After conducting an investigation, the Enforcement Bureau found that employees of Marriott, which has managed the day-to-day operations of the Gaylord Opryland since 2012, had used features of a Wi-Fi monitoring system at the Gaylord Opryland to contain and/or de-authenticate guest-created Wi-Fi hotspot access points in the conference facilities.  In some cases, employees sent de-authentication packets to the targeted access points, which would dissociate consumers’ devices from their own Wi-Fi hotspot access points and, thus, disrupt consumers’ current Wi-Fi transmissions and prevent future transmissions

 

Regards,

 

Juan Carlos

 

From: owner-stds-802-sec@xxxxxxxx [mailto:owner-stds-802-sec@xxxxxxxx] On Behalf Of John H Notor
Sent: Friday, October 03, 2014 12:09 PM
To: 802_EC; RR-TAG; REG_SC
Subject: [802SEC] Marriott agrees to $600k payment to resolve FCC investigation into Wi-Fi blocking

 

FYI,

 

MARRIOTT TO PAY $600,000 TO RESOLVE WIFI-BLOCKING INVESTIGATION.   Hotel Operator Admits Employees Improperly Used Wi-Fi Monitoring System to Block Mobile Hotspots; Agrees to Three-Year Compliance Plan.  News Release. Adopted:  10/03/2014. News Media Contact: Neil Grace at (202) 418-0506, email:Neil.Grace@xxxxxxx  EB  https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.docx

 

John

 

John Notor
President/Chief Technologist
Notor Research

Mobile: 1.408.316.8312

---------- This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.
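The mitigation named in the first message of this thread, authenticated signatures on state change messaging, can be sketched as follows. This is an added example, not code from any participant or from an IEEE 802 specification: the message layout, the type code, the truncated HMAC-SHA256 tag, the addresses and the key are all constructed assumptions and do not reproduce the 802.11 wire format.

```python
import hashlib
import hmac
import struct

FMT = "!B6s6sQ"                   # type, sender, receiver, counter (constructed layout)
BODY_LEN = struct.calcsize(FMT)   # 21 bytes
TAG_LEN = 16                      # truncated HMAC-SHA256 tag
DISASSOCIATE = 0x0A               # constructed type code, not an 802.11 subtype

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, msg_type, sender, receiver, counter) -> bytes:
    """Build a state-change message: body followed by its keyed tag."""
    body = struct.pack(FMT, msg_type, sender, receiver, counter)
    return body + _tag(key, body)

class Station:
    """Receiver that changes state only on authenticated, fresh messages."""
    def __init__(self, key: bytes, own_addr: bytes, peer_addr: bytes):
        self.key, self.own, self.peer = key, own_addr, peer_addr
        self.last_counter = 0
        self.associated = True

    def receive(self, frame: bytes) -> str:
        if len(frame) != BODY_LEN + TAG_LEN:
            return "drop: malformed"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return "drop: bad tag"      # addresses alone are not enough
        msg_type, sender, receiver, counter = struct.unpack(FMT, body)
        if sender != self.peer or receiver != self.own:
            return "drop: wrong addresses"
        if counter <= self.last_counter:
            return "drop: replay"       # a captured valid message cannot be reused
        self.last_counter = counter
        if msg_type == DISASSOCIATE:
            self.associated = False
            return "accepted: disassociated"
        return "accepted: ignored type"

def demo():
    """Run three constructed messages through one station and return the outcomes."""
    key = b"constructed-session-key"    # assumption: agreed during association
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    station = Station(key, own_addr=sta, peer_addr=ap)
    unkeyed = protect(b"not-the-session-key", DISASSOCIATE, ap, sta, 1)
    genuine = protect(key, DISASSOCIATE, ap, sta, 1)
    first = (station.receive(unkeyed), station.associated)
    second = (station.receive(genuine), station.associated)
    return [first, second, station.receive(genuine)]
```

The first message carries the right addresses but was tagged without the session key, so the station stays associated; only the keyed message changes state, and resending it is rejected by the counter check.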