1/17/2006

Windows Wi-Fi Flaw Uncovered

Filed under: — By Aviran Mordo @ 7:58 am

A security expert has uncovered a potentially dangerous flaw in Windows that could enable unauthorized access to a PC via wireless connections. The specialist detailed his findings at the Shmoocon hackers gathering in Washington, D.C.

The vulnerability, affecting millions of
Windows 2000 and XP users, is related to the way in which the operating systems on notebook machines with built-in wireless capabilities automatically seek out a wireless network connection when they are booted up, said Mark “Simple Nomad” Loveless of Vernier Threat Labs.

Microsoft made it easy for users to connect to any available Wi-Fi network, but if the laptop cannot find a link, it assigns an ad hoc address link using the identity of the most recent wireless network accessed, Loveless explained.

“The laptop then starts advertising that local network link ID to other machines in close proximity,” he said. Thus, a hacker could create a network connection on a computer that matches the name, or SSID, of the network advertised by the target computer and use that wireless local area network link to get inside the target machine.

That, in turn, could lead to virus-type activity in which a laptop user unwittingly broadcasts an ad hoc, peer-to-peer connection to anyone who has accessed the same Wi-Fi network, Loveless said. In fact, he added, during a recent visit to an airport, he detected 62 separate machines advertising ad hoc networks.

Machines with an operational firewall are not affected by the vulnerability, including those running Windows XP SP2.

Source: newsfactor

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress