Marriott Hotel Fined for Blocking Guests Personal WiFi Hotspots

Sadly not all hotels offer a WiFi Internet service and some even charge excessive amounts for access, although in most of these cases it’s often possible to get your computer online by using a Smartphone to setup a personal WiFi hotspot via a Mobile Broadband link (3G, 4G). At least it is unless your hotel decides to deliberately block personal WiFi.

In this instance the hotel in question was part of Marriott’s global hospitality empire, the Marriott Gaylord Opryland in Nashville (Tennessee, USA). Ordinarily we wouldn’t cover a story from outside of the United Kingdom or EU, but this one raises questions about the behavior of other hotels and is certainly a very interesting story. The hotel also has an.. unusual name, which is a plus.

A quick search online reveals that most of the rooms being offered for Marriott’s convention focused hotel in Opryland do in fact include free WiFi, although this hasn’t always been the case and between 2012 and 2013 something sinister occurred. Certainly the USA’s Federal Communications Commission (FCC) probably wouldn’t have fined them £373k ($600k) on 3rd October 2014 for blocking their customers personal wifi hotspots if there wasn’t a problem.

FCC Statement

The FCC Enforcement Bureau’s investigation revealed that Marriott employees had used containment features of a Wi-Fi monitoring system at the Gaylord Opryland to prevent individuals from connecting to the Internet via their own personal Wi-Fi networks, while at the same time charging consumers, small businesses, and exhibitors as much as $1,000 per device to access Marriott’s Wi-Fi network.

The FCC’s Enforcement Bureau Chief, Travis LeBlanc, said, “Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel … It is unacceptable for any hotel to intentionally disable personal hotspots while also charging consumers and small businesses high fees to use the hotel’s own Wi-Fi network.”

But how did the hotel manage to pull off such a feat without also screwing up their own WiFi network on the same frequency? Well for a start they didn’t jam the spectrum itself. The FCC ruling reveals that hotel employees sent de-authentication packets to the targeted access points, which tricked their guests devices into dissociating (disconnecting) from their own Wi-Fi hotspot access points and, thus, disrupt consumers’ current Wi-Fi transmissions and prevent future transmissions.

De-authentication packets are a familiar tool in the modern hacker’s arsenal and can often be used to help an attacker gain access to your wifi network by exploiting / examining the disruption (handshake process) that occurs as a result. Personal WiFi hotspots often aren’t setup in a very secure way and are much easier to hit, although a strong WPA2 passcode is usually enough to stop entrance. Never the less such “attacks” can also cause an annoyance and in this instance Gaylord Opryland did precisely that.

So far we’ve never heard of a reputable hotel chain using such tactics against their own guests, at least not as part of official policy, but it does make us wonder how many others might be attempting something similar and all to cover a lack of competitive WiFi provision.