Are there exceptions to this rule, i.e. legit uses for deauth mechanisms?
> Marriott admitted that the Wi-Fi users it blocked did not pose a security threat to the Marriott network.
> Similarly, Smart City submitted no evidence that the deauthentication was done in response to a specifically identified security threat.
It seems to me like it might still be okay to use WiFi deauth to automatically defend your network against security threats, such as foreign APs advertising the same SSID as your network?
The FCC isn't saying you can't use active measures to prevent a rogue AP from attacking users who intend to communicate with you. That's why they asked MC Dean to explain exactly how their interference helped secure its own network.
What they're saying is that you can't actively interfere with parties who want to use unlicensed spectrum to communicate with each other, even if they are physically on your property, and the fact that you must share bandwidth with them is not a valid excuse to do so.
Imagine if this were allowed. Would you accept it if someone else did the same to you, for instance a hotel guest would deauthenticate your use of your SSID?
Since no one owns the frequencies, no one owns the SSIDs, and there is no way to specify who is the legitimate user and who is the adversary. The only solution is if any one party just does not interfere in the business of the other.
That's easy enough to solve: you are only allowed to defend your SSID if you have taken reasonable steps to minimise the chance of a random name collision, and if this is really the most reasonable answer given your threat model.
For example, you can't block all "Netgear WLAN" hotspots, but you can block all "Hotel Sunrise NY Guests" networks. And you cannot block SSIDs similar to your private network simply because you are too lazy to specify the router's MAC in all your five devices.
But what if we are "Hotel Sunrise NY Guests"? Why wouldn't I use that name as a guest? I think if you want defensible randomization, you actually randomize it.
No. Because these are realistic rules enforced by real and reasonable people.
If you walk into Hotel Sunrise and start walking up to people and saying "I'm with Hotel Sunrise Guest Satisfaction, can I ask you some questions?" the defense "Well, I'm a Hotel Sunrise Guest and it was for my Satisfaction!" is not going to absolve you of any consequences that arise.
Hotel Sunrise guests would certainly connect to APs advertising that SSID. It would be pretty shady for them to set up their own APs with that SSID however.
I think that because the area involved is so local, the FCC is optimistic unlicensed spectrum users can come to consensus on that matter, otherwise it's going to have to deal with it in the more explicit, costly, and user inconvenient manner that it has done so in the past with identifiers used over less locally constrained, longer wavelength frequencies.
I think optimism is warranted. If someone local to you is being a dick with your SSID, you use technical (protocol level) countermeasures to disrupt them. This has been standard practice for a decade. If the attacker uses those countermeasures against legitimate users, apparently the FCC is now willing to respond with financial countermeasures against the attacker if it can.
If there were somehow a situation where the FCC was technically unable to respond, like say the attacker had a swarm of invisible drones equipped with access points advertising your SSID, then it would be helpless. The only solution would be to wait for vendors to come together through the IEEE or IETF with a standard to thwart the evildoers. (Probably years)
And it may yet come to that. But for now, the FCC clearly represents, at least within the United States, that corporate evildoers cannot blatantly perpetrate denial of service attacks on public spectrum without fear of sanction.
Yes, it is generally understood that the FCC rulings on WiFi jamming continue to permit WIPS/WIDS systems that actively mitigate rogue APs that appear to pose a security threat, and broadcasting your SSID without authorization would be a good example of this.
There was quite a bit of talk about this in the WIPS industry after these fines, and while I don't think the FCC has really made a clear clarification on the issue, the vendors have all put out statements that are similar variations on "it's okay for matching SSIDs" and I don't think there has been any contest to this. Vendors do recommend that you be careful that active mitigation will not impact APs operating off your property, implicitly even if they are broadcasting your SSID.
In general I think the FCC is taking an intent approach to this, from the security side - their rulings on WiFi jamming cases have generally specifically mentioned the lack of a reasonable security justification.
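The two comments above (blocking only APs that carry your own SSID, and the vendors' advice to avoid mitigating APs operating off your property) describe a triage policy rather than code. The following is an added example, written for this thread and not taken from any commenter or WIPS vendor: it classifies beacons from a constructed scan into "authorized", "rogue on-site", "rogue-looking but probably off-site", "lookalike SSID" and "unrelated network". The SSID, BSSID allowlist, RSSI threshold and similarity cutoff are all assumptions chosen for illustration. Note that it only produces verdicts for a human or a policy engine; it does not send deauthentication frames, which is exactly the step the FCC actions concern.

```python
"""Rogue-AP triage over Wi-Fi beacon scan results (illustrative, stdlib only).

Assumptions (not from the thread): our SSID is "Hotel Sunrise NY Guests",
the BSSID allowlist holds our own APs, beacons seen weaker than -70 dBm are
treated as probably off-property, and a difflib ratio >= 0.85 marks a
lookalike SSID. BSSIDs are spoofable, so the allowlist is a triage signal,
not proof of legitimacy.
"""
from dataclasses import dataclass
from difflib import SequenceMatcher
from enum import Enum
import re


class Verdict(Enum):
    AUTHORIZED = "our AP (BSSID in allowlist)"
    ROGUE_ONSITE = "advertises our SSID from an unknown BSSID with a strong signal: investigate"
    ROGUE_OFFSITE = "advertises our SSID but weak signal, probably off-property: log only"
    LOOKALIKE = "SSID resembles ours from an unknown BSSID: log for review"
    FOREIGN = "unrelated network sharing the spectrum: leave alone"


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    rssi_dbm: int
    channel: int


def normalize_ssid(ssid: str) -> str:
    """Collapse whitespace and case so 'hotel  sunrise ny guests' matches ours."""
    return re.sub(r"\s+", " ", ssid).strip().casefold()


def normalize_bssid(bssid: str) -> str:
    return bssid.strip().lower().replace("-", ":")


def ssid_similarity(a: str, b: str) -> float:
    return SequenceMatcher(None, normalize_ssid(a), normalize_ssid(b)).ratio()


def classify_beacon(beacon: Beacon, our_ssid: str, known_bssids: set[str],
                    onsite_rssi_floor: int = -70, lookalike_cutoff: float = 0.85) -> Verdict:
    """Decide what, if anything, a beacon warrants. Order matters: a known
    BSSID wins, then exact SSID collisions, then lookalikes, then everything
    else is someone else's legitimate use of unlicensed spectrum."""
    if normalize_bssid(beacon.bssid) in {normalize_bssid(b) for b in known_bssids}:
        return Verdict.AUTHORIZED
    if normalize_ssid(beacon.ssid) == normalize_ssid(our_ssid):
        # Same SSID, unknown radio. Signal strength is the (crude) on-property test
        # the vendors' advice asks for before any active mitigation is considered.
        if beacon.rssi_dbm >= onsite_rssi_floor:
            return Verdict.ROGUE_ONSITE
        return Verdict.ROGUE_OFFSITE
    if ssid_similarity(beacon.ssid, our_ssid) >= lookalike_cutoff:
        return Verdict.LOOKALIKE
    return Verdict.FOREIGN


def triage_scan(scan: list[Beacon], our_ssid: str, known_bssids: set[str]) -> dict[str, Verdict]:
    """Map each BSSID in a scan to its verdict."""
    return {b.bssid: classify_beacon(b, our_ssid, known_bssids) for b in scan}


# Constructed scan data for the example; not a real capture.
OUR_SSID = "Hotel Sunrise NY Guests"
KNOWN_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
SAMPLE_SCAN = [
    Beacon("Hotel Sunrise NY Guests", "00:11:22:33:44:01", -48, 6),   # our own AP
    Beacon("Hotel Sunrise NY Guests", "DE:AD:BE:EF:00:01", -52, 6),   # evil twin in the lobby
    Beacon("Hotel Sunrise NY Guests", "de:ad:be:ef:00:02", -84, 11),  # same SSID, far away
    Beacon("hotel sunrise guest",     "de:ad:be:ef:00:03", -60, 1),   # near-miss name
    Beacon("NETGEAR-5G",              "aa:bb:cc:dd:ee:ff", -55, 36),  # a guest's hotspot
]

if __name__ == "__main__":
    for bssid, verdict in triage_scan(SAMPLE_SCAN, OUR_SSID, KNOWN_BSSIDS).items():
        print(f"{bssid}  {verdict.name:14} {verdict.value}")
```

The RSSI floor is a deliberately weak proxy for "on our property"; a neighbouring building can be close and a corner of your own can be far, so a real deployment would correlate several sensors before anyone decides whether active mitigation is even justified.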
This is interesting, because SSIDs are not callsigns and not allocated or registered anywhere. Who's to say the enterprise network's claim on the SSID is more legitimate than the attacker's?
If you are at a HolidayInn and connect to a HolidayInn SSID, then a reasonable person would expect that to be associated with the HolidayInn chain of hotels; that is where HolidayInn would have a more legitimate claim to the HolidayInn SSID than some random person.
Trademarks, Fraud, etc could be the legal basis for this.
There's not really any reason to use the same SSID as the enterprise other than to fool users into connecting to it for malicious purposes, so targeting networks with the same SSID would probably fall under reasonable security procedures and not be subject to this ruling.