From: Christian Huitema [mailto:huitema@xxxxxxxxxxxxx]
Why would that be a privacy threat, by opposition to a basic denial of service?
[JCZ] A DoS attack is a type of intrusion and therefore a privacy-security threat. The model can be seen differently depending on the eye of the beholder.
I see this as making use of an IEEE 802 protocol identifier to interfere in a user’s life activity (e.g. by preventing you from tethering with your own phone). However, I guess someone else can also see it as a prevention of service from an AP/Hotspot.
The privacy threat would be something like “employees of … have used a feature of a Wi-Fi monitoring system to track the movement of customers as they visited each other room.”
[JCZ] There is no mention that tracking was used, although it could have been the case.
Or, “employees have used a feature of a Wi-Fi monitoring system to check the MAC address of visiting guests’ smart phones and compare them to users’ identities through an online database…”
[JCZ] There could have been a correlation between MAC address and user’s identity (or lack thereof) on a database. In any case, I hope that you agree this is an issue that is in scope for our SG and should be considered when making the threat analysis.
Juan Carlos
From: Zuniga, Juan Carlos [mailto:JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx]
FYI, another misuse of long-lived identifiers. In this case, the Privacy Threat is the use of MAC addresses to impersonate users and send the wrong packets to the network:
“After conducting an investigation, the Enforcement Bureau found that employees of Marriott, which has managed the day-to-day operations of the Gaylord Opryland since 2012, had used features of a Wi-Fi monitoring system at the Gaylord Opryland to contain and/or de-authenticate guest-created Wi-Fi hotspot access points in the conference facilities. In some cases, employees sent de-authentication packets to the targeted access points, which would dissociate consumers’ devices from their own Wi-Fi hotspot access points and, thus, disrupt consumers’ current Wi-Fi transmissions and prevent future transmissions”
Regards,
Juan Carlos
From: owner-stds-802-sec@xxxxxxxx [mailto:owner-stds-802-sec@xxxxxxxx] On Behalf Of John H Notor
FYI,
MARRIOTT TO PAY $600,000 TO RESOLVE WIFI-BLOCKING INVESTIGATION. Hotel Operator Admits Employees Improperly Used Wi-Fi Monitoring System to Block Mobile Hotspots; Agrees to Three-Year Compliance Plan. News Release. Adopted: 10/03/2014. News Media Contact: Neil Grace at (202) 418-0506, email: Neil.Grace@xxxxxxx EB
https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.docx
John
John Notor
Web: www.notor.com
----------
This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.