Computer Crime Research Center

people/Billi.jpg

Windows Wi-Fi flaw confirmed

Date: January 18, 2006
Source: searchsecurity.techtarget.com
By: Bill Brenner

Microsoft said Tuesday that under certain circumstances, attackers could exploit an anomaly in how Windows 2000, XP and Windows 2003 systems establish wireless connections. But users can take simple steps to neutralize the threat.

Mark "Simple Nomad" Loveless -- senior security researcher for Mountain View, Calif.-based Vernier Networks Inc.'s Vernier Threat Labs and a self-described hacker -- released details of the glitch last weekend at the ShmooCon 2006 hacker conference in Washington, D.C. In his written findings, Loveless said, "If a laptop connects to an ad hoc network it can later start beaconing the ad hoc network's SSID as its own ad- hoc network without the laptop owner's knowledge. This can allow an attacker to attach to the laptop as a prelude to further attack."

The problem is essentially a configuration error that spreads virus-like from laptop to laptop, Loveless said in his written findings. In field tests, numerous ad hoc SSIDs such as "linksys," "dlink," "tmobile," "hpsetup" and others have been documented, he said.

A Microsoft spokesman said via e-mail Tuesday that the vendor investigated Loveless' findings and determined that "customers who have connected to an 'ad hoc' wireless network in the past that was not protected with wireless encryption could be lured into connecting to a malicious advertised 'ad hoc' wireless network under limited circumstances." But, he added, "Customers that are using a firewall and a fully updated system are at reduced risk from attack following this connection."

Customers can also neutralize the threat by configuring their systems to only connect to "infrastructure" networks in the advanced wireless configuration settings, the Microsoft spokesman said. "Due to the design of this feature," the spokesman added, "the most appropriate method for adjusting the default behavior is in a future service pack or update rollup."
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo