Is Your Laptop Connecting to a Malicious Wi-Fi Network?
Microsoft downplays Windows Wi-Fi 'anomaly' reported this week.
Exploiting a design flaw in Windows XP and Windows 2003 systems with built-in wireless capabilities, hackers could lure wi-fi users into connecting to malicious wireless networks, according to Microsoft, which recently completed an investigation of the issue. Mark Loveless, a senior researcher at Vernier Networks in Mountain View, California, raised questions about the flaw last week at a security conference. In a document posted on the Nomad Mobile Research Centre Web site, Loveless described the issue as an "anomaly" involving Microsoft's wireless network Connection. "If a laptop connects to an ad hoc network, it can later start beaconing the ad hoc network's SSID as its own ad hoc network without the laptop owner's knowledge," Loveless said in his advisory. "This can allow an attacker to attach to the laptop as a prelude to further attack." How It Works Such a situation could arise, for example, when a laptop user with a wireless setup at home uses the laptop somewhere else, Loveless said in an interview with Computerworld. When started, the laptop automatically scans for networks with the same service set identifier (SSID) as the one it uses at home. If it can't find that network, it connects to any ad hoc wireless network in the vicinity. The next time the laptop is started, it can start broadcasting the ad hoc network's SSID as its own ad hoc network. Attackers could look for and associate themselves with systems broadcasting in this manner, he said. "This is basically a configuration error that spreads virus-like from laptop to laptop," Loveless noted in his advisory. In field tests, he added, numerous ad hoc SSIDs such as "linksys," "dlink," "tmobile" and "hpsetup" were documented as being broadcast in this way. Users who configure their systems so that they don't connect to ad hoc networks--and those who use firewalls and properly patched systems--should be safe from the threat, he said. "There are a couple of conditions that need to be met before [the threat could be exploited]," Loveless said. "But it appears to me those conditions have been met in a lot of machines," based on field tests, he said. Microsoft Response In a statement, Microsoft said that its investigation of the flaw has "determined that customers who have connected to an 'ad hoc' wireless network in the past that was not protected with wireless encryption could be lured into connecting to a malicious advertised 'ad hoc' wireless network under limited circumstances." But those using firewalls and a fully updated system should be at "reduced risk" of attacks following such ad hoc connections, Microsoft said, adding that it's also possible to prevent such malicious connections by configuring systems to connect only to "infrastructure" networks. The company plans to release an update fixing the default configuration in a future service pack or security update rollup.
Reproduced from an article published by PC World
© PC World
The original article can be viewed here:
http://www.pcworld.com/news/article/0,aid,124401,00.asp
Permalink Bookmark Digg this story
