Marriot WiFi Jamming: Not Quite As Bad As It Sounds

Oct 09, 2014

Anybody who resents the high prices hotels charge for wifi might roll their eyes at the 'explanation' from Marriot but they were protecting their guests. The real question is at what cost?


Last week an FCC filing stated that the Marriott Gaylord Opryland Hotel and Convention Center deliberately used Wi-Fi jamming tactics that made it impossible for guests to use their own personal hotspots. This left Marriott's paid Wi-Fi as the only available (and very expensive) option. On Friday the hotel agreed to pay a $600,000 penalty and stop any signal-blocking activities.

It seems like a pretty clear case of greed but there are some subtleties to it. Despite the wording of reports what the hotel did not meet the standard FCC definition of “jamming”:


Generally, “jammers” — which are also commonly called signal blockers, GPS jammers, cell phone jammers, text blockers, etc. — are illegal radio frequency transmitters that are designed to block, jam, or otherwise interfere with authorized radio communications.


More specifically:


Jamming technology generally does not discriminate between desirable and undesirable communications. A jammer can block all radio communications on any device that operates on radio frequencies within its range (i.e., within a certain radius of the jammer) by emitting radio frequency waves that prevent the targeted device from establishing or maintaining a connection.


Instead the hotel used a feature built into their own Wi-Fi system to interfere with outside signals. When activated it sends de-authentication packets to any Wi-Fi Internet access points (like mobile HotSpots) that are not part of Marriott’s official network. The wording of the FCC filing says:


Marriott operates a Wi-Fi monitoring system manufactured by a third party that was installed at the Gaylord Opryland. Among other features, the system includes a containment capability that, when activated, will cause the sending of de-authentication packets to Wi-Fi Internet access points that are not part of Marriott’s Wi-Fi system or authorized by Marriott and that Marriott has classified as “rogue”.


FCC Enforcement Bureau Chief Travis LeBlanc added the following:


"It is unacceptable for any hotel to intentionally disable personal hotspots while also charging customers and small businesses high fees to use the hotel's own Wi-Fi network. This practice puts customers in the untenable position of either paying twice for the same service or forgoing Internet access altogether.”


The hotel of course has a different opinion. A rep reportedly explained that they were trying to protect their guests from "rogue wireless hotspots that can cause degraded service, insidious cyber-attacks and identity theft.”


Who’s right?

Using their technology to disable the use of a properly secured personal hotspot is unfair, inappropriate and, according to the filing, illegal. Guests that want to use their own hotspots should not be forced to pay much higher prices to use wifi offered by the hotel.

At the same time the hotel was almost certainly protecting guests from perils such as “evil twin” attacks. These involve perpetrators that set up an open network that looks real (by giving it an official sounding name) and then snooping on the information that flows across it.

Unless they are using some kind of VPN a guest that gets tricked into thinking the evil twin is a real network does face very real risks (including identity theft). It’s very dangerous, and the hotel was indeed providing protection.

The problem was the cost of that protection. To protect against the possible threat of evil twin attacks the hotel certainly punished countless guests that wanted to use their own secure hotspots. The cost can be argued to have outweighed the benefit, and the fact that it was ultimately so profitable for the hotel makes it seem like their motives were entirely selfish.

With some discretion they could have provided meaningful protection without punishing guests by crippling their hotspots. The filing says that the hotel could send 'de-authentication packets to Wi-Fi Internet access points… that Marriott has classified as “rogue”'. That means that they could have selectively disabled any access points that appeared to be evil twins. This would have protected the guests susceptible to such attacks, without disturbing guests using their personal hotspots.

Tags: Security

Related Content

How To Migrate Google Authenticator To A New iPhone

Instructions on how to move Google Authenticator to a new iPhone so you don't lose access to accounts with two-factor authentication enabled.

Why Have Security Questions After Password Authentication?

Asking security questions after password authentication is not just pointless, it actually makes things less secure.

How To Securely Hide (and Encrypt) Files On Mac OS X

How to hide/secure files on your Mac: An easy approach to protecting your data by securing, hiding, and encrypting selected files and folders in Mac OS X.

Security Through Obscurity On Mac OS X – Better Solutions

A look at how security through obscurity (hiding files) is doomed to fail in Mac OS X, plus a look at some easy ways to truly secure files on your Mac.

Showing Hidden Files vs Hiding Regular Files in Mac OS X

They might seem like flip sides of the same coin but the techniques used to show hidden files on a Mac are not the best solution for securely hiding files.

What Does Incognito/Private Mode Really Mean?

The incognito or private mode in your web browser can offer you some additional privacy but not as much as you may think, and you still need to be careful.

"Your Apple Device has been locked..." Another Scam

Does "" say "Your Apple Device has been locked, due to security reasons"? Don't panic, it's not – just don't call the number!

Short Guide to (Finding, Sharing, etc.) SSH Keys on Mac OS X

A short guide to SSH keys and Mac OS X: How to create, find, share and add SSH Keys (and deal with related SSH errors and warnings) on Mac OS X.

Open Safari Without Opening Windows From The Last Session

How to open Safari without automatically re-opening windows/tabs from the last session. This can save you if you ever run into ransomware.

Multi-Factor Authentication With Google Authenticator

Using Google Authenticator to increase digital security through the use of multi-factor authentication.

Category List

Tag List

Tag Cloud