You mention that guest wifi can be sniffed and that the user does not require authentication.
Any non-encrypted WLAN traffic can be sniffed and that cannot be prevented.
Those devices can also spoof mac addresses and ip addresses to gain access to the guest network.
Long story short, I would layer something on top of that network like a preshared key to make it more difficult to sniff and access.