
Re: [STDS-802-Privacy] FW: [802SEC] Marriott agrees to $600k payment to resolve FCC investigation into Wi-Fi blocking



Agree. And no, Juan Carlos, I do not agree that "this is an issue that is in scope for our SG and should be considered when making the threat analysis." In that case, the attack was analyzing the content of messages to find out access points, and the particular MAC used by these access points was irrelevant.

There is a slightly related attack using the OUI in the MAC to derive device type, and then selectively do something bad to a class of devices. That would be in scope, I believe.

-----Original Message-----
From: James Lepp [mailto:jlepp@xxxxxxxx] 
Sent: Friday, October 3, 2014 11:58 AM
To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-Privacy] FW: [802SEC] Marriott agrees to $600k payment to resolve FCC investigation into Wi-Fi blocking

Hi,

I am in agreement with Phillip. While this particular regulatory/legal
domain settlement is interesting on its own, I don't see how this
particular "de-authentication frame attack" would be different if the
system used short-lived identifiers as opposed to long-lived
identifiers. It is a security issue as opposed to a privacy issue. And
in this case layer 8 of the stack is doing the enforcement instead of
our technical protocols.

Regards,
-James

On Fri, Oct 3, 2014 at 2:33 PM, Phillip Barber
<pbarber@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> It is a common problem in wireless networks that permit non-authenticated
> state change messaging (for stateful technologies). Most modern wireless
> networking technologies overcome this problem by requiring either ciphering
> of state change messaging or at the very least authenticated signatures on
> state change messaging (hash of CMAC or HMAC digest, for instance).
>
>
>
> I would consider this more of a security issue than a privacy issue. The
> attacker may have no interest in the specific identity of a true user, only
> the need to sniff traffic out of the air and be able to identify a
> consistent identity of the true user such that the attacker can create a
> bogus state change message. I am not sure that privacy could or should
> attempt to address this problem. Security, certainly.
>
>
>
> Thanks,
> Phillip Barber
>
>
>
> From: Dan Harkins [mailto:dharkins@xxxxxxxxxxxxxxxxx]
> Sent: Friday, October 03, 2014 1:05 PM
> To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
> Subject: Re: [STDS-802-Privacy] FW: [802SEC] Marriott agrees to $600k
> payment to resolve FCC investigation into Wi-Fi blocking
>
>   I used to work at a wireless mesh company that was putting up a free mesh
> network in Mountain View, CA. We received complaints about trouble getting on
> the network when people were in a certain public park. After much investigation
> it turned out that a company across the street from the park did not want their
> employees to connect to the free mesh network and set their APs to disassociate
> anyone that tried to associate to it— it was the "attack rogue AP" option. They
> apparently thought this would only affect people in their building but it
> actually affected a large portion of the park itself.
>
>   Sounds like what Marriott was doing. And I'm sure Marriott thought it was
> a feature.
>
>   Dan.
>
> On 10/3/14 10:35 AM, "Zuniga, Juan Carlos"
> <JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx> wrote:
>
>
>
> FYI, another misuse of long-lived identifiers. In this case, the Privacy
> Threat is the use of MAC addresses to impersonate users and send the wrong
> packets to the network:
>
>
>
> “After conducting an investigation, the Enforcement Bureau found that
> employees of Marriott, which has managed the day-to-day operations of the
> Gaylord Opryland since 2012, had used features of a Wi-Fi monitoring system
> at the Gaylord Opryland to contain and/or de-authenticate guest-created
> Wi-Fi hotspot access points in the conference facilities.  In some cases,
> employees sent de-authentication packets to the targeted access points,
> which would dissociate consumers’ devices from their own Wi-Fi hotspot
> access points and, thus, disrupt consumers’ current Wi-Fi transmissions and
> prevent future transmissions”
>
>
>
> Regards,
>
>
>
> Juan Carlos
>
>
>
> From: owner-stds-802-sec@xxxxxxxx [mailto:owner-stds-802-sec@xxxxxxxx] On
> Behalf Of John H Notor
> Sent: Friday, October 03, 2014 12:09 PM
> To: 802_EC; RR-TAG; REG_SC
> Subject: [802SEC] Marriott agrees to $600k payment to resolve FCC
> investigation into Wi-Fi blocking
>
>
>
> FYI,
>
>
>
> MARRIOTT TO PAY $600,000 TO RESOLVE WIFI-BLOCKING INVESTIGATION.   Hotel
> Operator Admits Employees Improperly Used Wi-Fi Monitoring System to Block
> Mobile Hotspots; Agrees to Three-Year Compliance Plan.  News Release.
> Adopted:  10/03/2014. News Media Contact: Neil Grace at (202) 418-0506,
> email:Neil.Grace@xxxxxxx  EB
> https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.docx
>
> https://apps.fcc.gov/edocs_public/attachmatch/DOC-329743A1.pdf
>
>
>
> John
>
>
>
> John Notor
> President/Chief Technologist
> Notor Research
>
> Mobile: 1.408.316.8312
>
> Web: www.notor.com
>
> ---------- This email is sent from the 802 Executive Committee email
> reflector. This list is maintained by Listserv.



-- 
James Lepp
Standards Manager
BlackBerry Limited
1001 Farrar Road - Ottawa - Canada
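Phillip Barber's point in the thread above is that the deauthentication problem exists because the state change message itself is not authenticated, and that the usual remedy is a keyed integrity tag (CMAC or HMAC) on such messages so that knowing a station's MAC address is no longer enough to forge one. The following Python is an added example written for this archive page, not code from any participant or from an IEEE 802 project: it models a toy state-change message with an HMAC-SHA256 tag and a replay counter, next to the unprotected design, and shows which receiver honours a message built without the key. The shared key, the locally administered MAC addresses, the reason code and the byte layout are all constructed for illustration; the layout is not the 802.11 frame format (protected management frames in IEEE 802.11w are the real-world counterpart of this idea).

```python
import hmac
import hashlib
import struct

# Added example, not from the mailing-list thread. Key, addresses, reason code
# and message layout are constructed for illustration only.

TAG_LEN = 16                      # HMAC-SHA256 output truncated to 128 bits
MAC_LEN = 6
BODY_LEN = MAC_LEN * 2 + 2 + 8    # sender, receiver, reason (u16), counter (u64)


def build_message(key: bytes, sender: bytes, receiver: bytes,
                  reason: int, counter: int) -> bytes:
    """Serialise a state-change message and append an HMAC over every field."""
    body = sender + receiver + struct.pack(">HQ", reason, counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class ProtectedReceiver:
    """Accepts a state change only if the tag verifies and the counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def process(self, msg: bytes) -> str:
        if len(msg) != BODY_LEN + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; a sender without the key cannot produce this tag.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        counter = struct.unpack(">Q", body[2 * MAC_LEN + 2:])[0]
        # A genuine message captured earlier and resent carries a stale counter.
        if counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        return "accepted"


class UnprotectedReceiver:
    """The weak design from the thread: any well-formed message is honoured."""

    def process(self, msg: bytes) -> str:
        return "accepted" if len(msg) >= BODY_LEN else "rejected: malformed"


def demo() -> dict:
    """Run one genuine, one key-less forgery and one replay through both receivers."""
    key = hashlib.sha256(b"constructed shared key").digest()
    ap = bytes.fromhex("02aabbccdd01")    # constructed, locally administered
    sta = bytes.fromhex("02aabbccdd02")
    genuine = build_message(key, ap, sta, reason=3, counter=1)
    # Someone who has only observed the addresses on the air lacks the key,
    # so the tag on their message will not verify.
    without_key = build_message(b"wrong key", ap, sta, reason=3, counter=2)
    protected = ProtectedReceiver(key)
    unprotected = UnprotectedReceiver()
    return {
        "protected_genuine": protected.process(genuine),
        "protected_forged": protected.process(without_key),
        "protected_replay": protected.process(genuine),
        "unprotected_forged": unprotected.process(without_key),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The counter check matters as much as the tag: without it, a recorded genuine deauthentication could be resent indefinitely and would still verify. Real management frame protection additionally binds the tag to a per-session key established during authentication, which the toy static key above does not model.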