Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 7 Can Create Rogue Wi-Fi Access Point

Posted by timothy on from the feature-not-bug dept.

alphadogg writes "Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed." While this means a bit more policing for networks meant to be locked down, it sounds like a good thing overall. Linux users, meanwhile, have had kernel support (since 2.6.26) for 802.11s mesh networking, as well as Host AP support for certain chipsets.

30 of 123 comments (clear)

  1. Hard shell, gooey centre security obsolete by anti-NAT · · Score: 4, Insightful

    De-perimeterization (perimeter erosion) Explained

    Distributed Firewalls

    --
    The Internet's nature is peer to peer - 20050301_cs_profs.pdf
    1. Re:Hard shell, gooey centre security obsolete by jhaar · · Score: 3, Interesting

      Actually, can someone explain to me what the real difference is between "master mode" and AdHoc or mesh networks?

      Why is it that only a few chipsets can "do" proper full-blown "master mode" (ie be an Access Point), and yet other chipsets can be used as AdHoc or mesh? I mean - what's the fundamental difference? I've been through this with Linux systems and can't understand why I can't just grab any WLAN card, bring up the interface and whack a DHCP server on it - why doesn't that work for them all?

      Just wonderin...

      J

    2. Re:Hard shell, gooey centre security obsolete by Cyberax · · Score: 2, Interesting

      "Master mode" means that your computer works as a central access point, other computers use it to relay the data.

      "Ad-hoc" is a special mode for masterless networks, but it allows to connect only two computers (in essence, wireless channel becomes an analog of good old Ethernet cable).

      "Mesh mode" is 'ad hoc' on steroids, it allows any number of computers to connect and uses dynamic routing.

      Master mode requires certain additional functionality from your card (managing connections, transmitting SSID information, resolving collisions, etc.) which some drivers were lacking. Fortunately, it's being fixed with the introduction of the new mac80211 stack in the Linux kernel it'll become better.

  2. Serious issues found with X by Josh04 · · Score: 5, Insightful

    Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

    1. Re:Serious issues found with X by goldaryn · · Score: 5, Insightful

      Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

      True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do

      Watch us both get modded down now

    2. Re:Serious issues found with X by goldaryn · · Score: 4, Funny

      Insightful? He's got the century wrong!

    3. Re:Serious issues found with X by recoiledsnake · · Score: 2, Insightful

      Slashdot reported on it earlier, then it was complaining that it wasn't finished. Now it's complaining that it can be made to work.

      http://mobile.slashdot.org/story/09/11/03/1649246/Unfinished-Windows-7-Hotspot-Feature-Exploited?from=rss

      "It wasn't all that long ago that Microsoft was talking up the Virtual WiFi feature developed by Microsoft Research and set for inclusion in Windows 7, but something got lost along the road to release day, and the functionality never officially made it into the OS. As you might expect with anything as big and complicated as an operating system though, some of that code did make it into the final release, and there was apparently enough of it for the folks at Nomadio to exploit into a full fledged feature. That's now become Connectify, a free application from the company that effectively turns any Windows 7 computer into a virtual WiFi hotspot — letting you, for instance, wirelessly tether a number of devices to your laptop at location where only an Ethernet jack is available, or even tether a number of laptops together at a coffee shop that charges for WiFi."

      --
      This space for rent.
    4. Re:Serious issues found with X by natehoy · · Score: 4, Insightful

      No, a VENDOR who wants to sell you lockdown software is complaining that it can be made to work.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    5. Re:Serious issues found with X by DiamondGeezer · · Score: 4, Funny

      With Linux you have to recompile the kernel, perform a hardware patch between two delicate components using baling wire, do the hokey-pokey and sacrifice a chicken to Satan. THAT'S why its secure.

      Note to Linux fanboys - yes, I was being sarcastic.

      --
      Tubby or not tubby. Fat is the question
    6. Re:Serious issues found with X by maitai · · Score: 2, Informative

      Not only is it turned "off" by default, but requires third party software to make it work (not just enable it, but add the complete functionality) as mentioned a long time ago here http://mobile.slashdot.org/story/09/11/03/1649246/Unfinished-Windows-7-Hotspot-Feature-Exploited?from=rss

    7. Re:Serious issues found with X by CharlyFoxtrot · · Score: 5, Funny

      Never forget - computers do what you tell them to do, not what you meant them to do

      I have a mac you insensitive clod, it does what His Steveness (peace be upon him) meant it to do.

      --
      If all else fails, immortality can always be assured by spectacular error.
    8. Re:Serious issues found with X by hairyfeet · · Score: 2, Insightful

      You know, I always wondered why /. never points that out in TFA, because you would think that would be pretty relevant to the discussion. company with vested interest in selling you solution A says product B is insecure, therefor you need to buy solution A.

      From reading TFA (I know, but I got bored) it sounds like pretty much anything that connects to anything is gonna be labeled insecure by this guy, as it gives him a reason to sell you solution A. But pretty much any business should have figured out by now with things such as wardriving that wireless needs to be locked down, yes? Given the fact that MSFT has always been good about having just about every feature and piece of software that comes with Windows easily locked down via group policies, I don't see what the big whoop is. I'm sure Windows 7 Enterprise and Business has group policies for turning this off without requiring solution A.

      But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    9. Re:Serious issues found with X by gbjbaanb · · Score: 2

      But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

      Because most people using their laptop in a coffee shop and setting it up as a wifi hotspot are not going to be business users with a large corporate IT department behind them (mainly because such users will have had it disabled and told not to do it). Of course, the number of businesses who do not have a large corporate IT department (or a competent one) will also be using this feature.

      Don't forget that the 'corporate IT' with full TechNet training and MSVP guys is the very rare exception, not the rule. That's one of the things that people say is good about Windows - that it's so easy, anyone can use it.

    10. Re:Serious issues found with X by hairyfeet · · Score: 4, Insightful

      While all that you say is true, from what I understand (and I could be wrong) Windows doesn't have this activated by default, you have to turn it on. Any Linux install has the capacity to be an unsecured server, just hanging out there in the breeze for anybody to infect. We don't say that is a bad thing though, do we?

      MSFT added a feature. Now this feature, which could be very handy for those that need to share files or want to set up a quick gaming LAN, can be misused and cause security problems. That a handy OS feature can be misused and cause a security problem applies to just about every single program that can access the net. As for corporations? Well if they pay bottom dollar and and only hire the cheapest most underpaid flunky they can get to save a few buck, and they get pwned, I should care....why exactly? Good things cost good money, the same goes for people. if a company is so badly run that this single feature can completely turn their network security into a house of cards I think they have bigger problems, don't you agree?

      In the end the whole TFA felt to me like creating a bogeyman for them to defeat with their super neato security product. But you and I know security doesn't come in a can. it isn't some product you can just slap on the network and all is well. Security is an ongoing process, that must be planned, implemented, and adapt with changing conditions. And that all needs competent staff to implement correctly. in the end companies that go for bandaids like the TFAs product (which may be good for all I know) will end up failing miserably when some fool on their network does something stupid. This feature won't kill any networks, piss poor admins and security policies that don't exist will take care of that all by themselves, thanks.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    11. Re:Serious issues found with X by mr_mischief · · Score: 2, Funny

      Using Windows is very easy so long as you don't expect to install it with decent hardware support OOTB or with decent security OOTB. It's so easy to use that within an hour online, it's often being used by someone the owner never intended. ;-)

  3. Ghost ridin' the whip! by hkz · · Score: 5, Funny

    Ghost ridin' the whip! No seriously, I've been wanting to use the Linux host AP features to bring up a mischievous AP that does man-in-the-middle attacks. I'd be connected to some open wifi somewhere, and someone would connect to my netbook and also see an open access point. I'd then give them the upside-downternet: http://www.ex-parrot.com/pete/upside-down-ternet.html

    1. Re:Ghost ridin' the whip! by MrEricSir · · Score: 5, Funny

      I think you mean "ghost ride the WEP."

      --
      There's no -1 for "I don't get it."
  4. No biased reporting here on /. Just the facts. by DiamondGeezer · · Score: 4, Insightful

    I don't participate much in the bore-a-thon dick-measuring contest called "Windows v Linux" on /. but for the record, its crap reporting to claim that Windows 7's "SoftAP" is a "rogue" which allows "ghostriding" while Linux's "802.11s mesh networking" is somehow better because it pre-dates Windows 7 when it allows the same problem which needs to be policed.

    I have lots of criticisms of Windows generally and I run XP and Kubuntu, but SoftAP is a network management issue for corporate networks, not a "rogue".

    --
    Tubby or not tubby. Fat is the question
    1. Re:No biased reporting here on /. Just the facts. by gad_zuki! · · Score: 5, Informative

      Agreed, this is beyond stupid. You could do the same with XP if you like, but now its a little easier. I used to share a cellular card this way years ago. The "policing" and "lockdown" of "rogue" access points is like one click in group policy or a value in a reg key.

      Slashdot has become the fox news of tech.

    2. Re:No biased reporting here on /. Just the facts. by maxrate · · Score: 2, Insightful

      I couldn't agree with you more - seems a good few of the /. linux user base has 'something to prove' quite often. It gets old real quick. I just wish it would end.

    3. Re:No biased reporting here on /. Just the facts. by kevingolding2001 · · Score: 4, Insightful

      Also, how many corporate machines are running with wireless cards?

      More than you might think. At my work they issue everybody with laptops. They all have inbuilt wireless.

    4. Re:No biased reporting here on /. Just the facts. by ChunderDownunder · · Score: 2, Insightful

      Quite a number. Perhaps not your average cubicle-slave but certainly those in 'client-facing roles' and those encouraged to take work home with them (read unpaid overtime). If security is lax, don't underestimate teenage children in re-enabling features on their parent's work laptop. Then there's consultant teams hired on a project basis that bring their own hardware and aren't subject to internal re-imaging of machines.

  5. What is this crap by CSHARP123 · · Score: 5, Insightful

    Any OS will have problems if used incorrectly. This biased reporting is BS. It needs to stop.

  6. Easy Solution by The+MAZZTer · · Score: 4, Informative

    This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network, except that a) they can do it from outside the building wirelessly and b) any special software used by the 7 user to access the network could potentially helpfully forward packets from others, but that would probably be a fault of the software not checking the origin IP on packets...

    Anyways the fix is simple. Require authentication for all network resources. Windows enterprise solutions are set up like this by default and do it transparently using Windows login credentials. An intruder on your network would be unable to access anything. There is the LITTLE issue of exploits, so you can either batten down the hatches as much as you can and continually scan for suspicious network traffic, or you can try an alternate solution which may work better (a combination of both would be best):

    For complete security, IT could notify all employees that use of this feature is not permitted. On corporate machines it could be disabled or removed or steps taken to block access, but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every protection known, except complete Windows software compatibility. Someone did mention Linux software that did this though, and my brother's WiFi card supposedly does it too with a special included application.). IT could also compromise and allow users to use it if it is properly configured, with clear steps outlining how to check if this is the case. However either way, severe penalties (starting with being kicked off the network until you have resolved the problem) would be issued for having an open access point. IT would have to periodically stage their own "attacks" to look for such hotspots and attempt to connect, and then lock the user out of the network if they are able to access the user's machine anonymously (ie folder shares with company files) or the network.

    OK so it's a long winded solution but basically: The problem isn't new, lock down systems with authentication best you can, routinely scan for hotspots and penalize users that put them up.

    Disclaimer: I am not a security expert but I like to think I've picked up a few things.

    1. Re:Easy Solution by Niobe · · Score: 5, Informative

      You are misunderstanding the problem. The PC running this feature becomes a router bridging their local and probably unauthenticated network with whatever secure network they are already connected to. Add network connection sharing to the mix and you have a security hole regardless of how 'locked down' the original network is. How big a problem this is will depend on the implementation and I haven't seen it.

    2. Re:Easy Solution by DavidD_CA · · Score: 4, Insightful

      Group Policy can disable this for all domain users in one click.

      And even if left on, what admin would allow a non-authenticated user access to anything on the network?

      Besides, if I had enough access to a machine to turn this feature on, couldn't I just take control of it via traditional means? Why bother.

      --
      -David
  7. Re:I need to check this out by mrbene · · Score: 4, Informative

    If you want easy-mode, check out Connectify. Timothy (the poster for this article) linked a story about Connectify back in November.

  8. Re:Linux Treats You Like An Adult.... by CannonballHead · · Score: 2, Insightful

    Yes, it's that simple... and for most people, they don't want to research all that.

    And if Linux wants to be popular with those people, it's going to have to change a bit.

    It's more than knowing how a computer works. The only thing you're talking about right now is software. You're not talking about having to know how a graphics card works in order to use it. You're talking about software configuration. But the problem I have with your simplistic explanation is this: for most people, a generic configuration does work nicely.

    And allow me to say I'm glad "Linux" didn't make my digital camera. I'd hate to have to go research on forums just to figure out how to take a picture at a different resolution than it was set at ;) Joking aside, I'm somewhat serious. Most people want to research how to configure things they like working on. Most people don't like working on the computer... most people like working on something ELSE on the computer.

  9. Re:Anyone see the Linux bias here? by pandrijeczko · · Score: 2, Interesting

    As I'm both a Windows XP and Linux user (and I like them both for their own reasons), let me explain this to you in more detail.

    Any Linux application I use holds it configuration in a text-based file somewhere on the system - either in my home directory, or globally under /etc somewhere. Whenever I want to change the configuration of an app, I can back up the old configuration just by making a copy of a text file.

    So if I'm messing about with the configuration of, say, Xorg (the modern implementation of the X-Windows GUI) to get a particular graphics card feature to work, it's quite possible I break Xorg and have to go scanning through log files to find out why what I did broke it. But I can also just copy back in the original /etc/X11/xorg.conf file and it will work again...

    If I'm messing about with some new kernel features, then I can end up putting in place a kernel that panics when I try to boot. But it's very easy to configure the GRUB bootloader to give you the option of booting from the last working kernel that you always keep a copy of, so if my new kernel borks then I can always boot back on the old kernel and try compiling a new one again.

    Yes, this stuff is all complicated, even to a Linux veteran like me, but as long as you act responsibly, think about the ramifications about what you are doing, and make sure you have a backout plan, it's not really a problem.

    Now explain to me how this would work in Windows? Don't get me wrong, XP is a bloody reliable OS (I can't comment on Vista or 7 because I've never used either) and uninstalling an application usually works to get you out of any mess you're in.

    But what about if that app trashes the registry, what do you do then?

    And why is it such a big deal whenever I try to backup my "Documents and Settings" directory in Windows, that it won't let me backup a lot of the files unless I boot into safe mode? Or how about I want to take my app settings from one XP machine to another? Presumably I have to use some convoluted backup program, whereas in Linux I can just use "cp" or "scp" over the network to send my home directory and all it's config contents somewhere else.

    I'm sorry, but if something happens on an OS that the user cannot prepare a reasonable backup plan for, then it's a flaw in the OS. No, it doesn't happen often in XP but even as recently as last week, there were reports of some automatic updates trashing users' PCs...

    --
    Gentoo Linux - another day, another USE flag.
  10. Re:Linux Treats You Like An Adult.... by pandrijeczko · · Score: 2, Interesting

    This is precisely the reason why I have a problem with so many people on here...

    There is *NO*, repeat, *NO* war being waged by Linux to defeat Microsoft. If there was, then it would have already won several battles when it comes to its penetration into server space and into embedded devices - but in the case of servers, it has done far more damage to displacing Sun Solaris, AIX, HP-UX and other "paid for" UNIX implementations.

    So there is no *desire* for Linux to be accepted, it's there as an alternative and some people who write apps or GUIs for it do look at how things are done in Windows and emulate it in Linux, because they assume that anyone who *chooses* to try it and is from a Windows background will at least have some familiarity.

    If anything, the fact that Linux is there and, in many cases, now a viable alternative to Windows, it has given Microsoft a "kick up the backside" to focus more on giving Windows users a better experience - I seriously doubt a Windows OS as reliable and as liked as XP would have existed without Microsoft fearing the uptake of Linux...

    --
    Gentoo Linux - another day, another USE flag.