Windows Wi-Fi vulnerability discovered

TalkBack 33 of 38:

Next »

« Previous

• Thread View
• Flat View

Not entirely new but none the less a serious problem

This issue is obviously not a problem for sophisticated users and as usual, we hear the familiar refrain: "anyone with half a brain knows how to ..." from the computer literati; but therein lies the problem. Take a drive around any neighborhood or business park with a wireless laptop and you will see numerous access points set to the default settings and many without even basic WEP turned on. This means that many laptops are, in all likelihood, set up to automatically connect to those networks (either accidentally or on purpose). Just sit outside any office building with a WiFi router or access point, or as we now find out, a laptop with an ad-hoc connection profile with its SSID set to Linksys or tmobile, and see how many laptops connect to it. This is a very easy way for hackers to gain access to those laptops and also potentially to the office wired network that they may be simultaneously connected to. If anyone is in any doubt, check out this link (shameless self promotion!): http://cf.nbc5i.com/dfw/sh/videoplayer/video.cfm?id=4459208&owner=dfw
This ?new? threat pours gasoline on the fire as we now discover that the XP client can't tell the difference between a normal access point-to-laptop (infrastructure) WiFi mode and the less commonly used laptop-to-laptop (ad-hoc) WiFi mode. What is now being pointed out is that laptops set to automatically connect to normal infrastructure (laptop-to-access point) networks (which is bad enough but very common), will also mistakenly automatically connect to ad-hoc (laptop-to-laptop) networks with the same name (SSID). After they have made this connection, they are "infected" with this ad-hoc connection profile and will start broadcasting it, just as they previously broadcasted the Linksys infrastructure connection. Unfortunately, because of this vulnerability, all computers that subsequently connect to them also get ?infected? with the ad-hoc profile and so on and so on.

The bottom line is this; because of this vulnerability, all a hacker has to do to WiPhish a laptop, is set up a laptop with an ad-hoc connection set to ?Linksys? or ?tmobile?. As soon as a laptop set up this way is turned on, all other laptops in the vicinity that are set up to automatically connect to a network with the same name will start mistakenly connecting to the hacker?s laptop. A hacker sitting outside an office building or in an airport using this technique can gain access to many users? laptops, often without their knowledge, and create WiFi mayhem in the process by trying out different easily guessable network names like Linksys, Dlink or tmobile until they catch a Phish. Once connected to a user?s laptop, an experienced hacker can not only potentially access data on that laptop (all shared folders are immediately accessible) but can also potentially use the laptop?s authenticated connection to a wired office network to access other network-connected resources such as servers or other computers. OOPS!

Some say XP SP2 and Windows firewall solves the problem, but hands up all who are prepared to bet the security of their entire corporate network on Windows Firewall, assuming of course that it is turned on. Even if Windows firewall has been turned on and locked by the employees' network administrators, users can easily turn it off (so they can play their favourite MPORG) by downloading software readily available on the Internet for this specific purpose. This is a real problem, not just for users who do not know enough to secure their laptops properly, but more importantly for their employers. For this and other reasons, it is essential that organizations define wireless connectivity policies and have the means to enforce compliance with those policies on all laptops used for and at work. Before anyone inevitably points out that my company "conveniently" offers a solution to this problem - as if we invented it (more information is available at our web site at www.cirond.com, or at that of our exclusive licensee, AirPatrol Corporation, at www.airpatrolcorp.com ? more shameless promotion!), I would like to offer that this is the case for every vendor of any security solution, and that this in no way diminishes the extent or veracity of the threat.
Nicholas Miller,
CEO Cirond Corporation

Posted by: nicholasmiller   Posted on: 01/20/06 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Using Red Hat Enterprise Linux AS to Achieve Highly Available, Load-Balanced Clusters Dell The Red Hat Enterprise Linux AS operating system integrates Cluster ... Download Now
• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
• Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now