Windows 7 Can Create Rogue Wi-Fi Access Point

← Back to Stories (view on slashdot.org)

Windows 7 Can Create Rogue Wi-Fi Access Point

Posted by timothy on Friday February 19, 2010 @11:35AM from the feature-not-bug dept.

alphadogg writes "Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed." While this means a bit more policing for networks meant to be locked down, it sounds like a good thing overall. Linux users, meanwhile, have had kernel support (since 2.6.26) for 802.11s mesh networking, as well as Host AP support for certain chipsets.

18 of 123 comments (clear)

Min score:

Reason:

Sort:

Hard shell, gooey centre security obsolete by anti-NAT · 2010-02-19 11:44 · Score: 4, Insightful

De-perimeterization (perimeter erosion) Explained
Distributed Firewalls

--
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Serious issues found with X by Josh04 · 2010-02-19 11:44 · Score: 5, Insightful

Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.
1. Re:Serious issues found with X by goldaryn · 2010-02-19 11:49 · Score: 5, Insightful
  
  Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.
  True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do
  
  Watch us both get modded down now
2. Re:Serious issues found with X by goldaryn · 2010-02-19 11:55 · Score: 4, Funny
  
  Insightful? He's got the century wrong!
3. Re:Serious issues found with X by natehoy · 2010-02-19 12:51 · Score: 4, Insightful
  
  No, a VENDOR who wants to sell you lockdown software is complaining that it can be made to work.
  
  --
  "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
4. Re:Serious issues found with X by DiamondGeezer · 2010-02-19 13:19 · Score: 4, Funny
  
  With Linux you have to recompile the kernel, perform a hardware patch between two delicate components using baling wire, do the hokey-pokey and sacrifice a chicken to Satan. THAT'S why its secure.
  
  Note to Linux fanboys - yes, I was being sarcastic.
  
  --
  Tubby or not tubby. Fat is the question
5. Re:Serious issues found with X by CharlyFoxtrot · 2010-02-19 13:30 · Score: 5, Funny
  
  Never forget - computers do what you tell them to do, not what you meant them to do
  I have a mac you insensitive clod, it does what His Steveness (peace be upon him) meant it to do.
  
  --
  If all else fails, immortality can always be assured by spectacular error.
6. Re:Serious issues found with X by hairyfeet · 2010-02-19 20:02 · Score: 4, Insightful
  
  While all that you say is true, from what I understand (and I could be wrong) Windows doesn't have this activated by default, you have to turn it on. Any Linux install has the capacity to be an unsecured server, just hanging out there in the breeze for anybody to infect. We don't say that is a bad thing though, do we?
  MSFT added a feature. Now this feature, which could be very handy for those that need to share files or want to set up a quick gaming LAN, can be misused and cause security problems. That a handy OS feature can be misused and cause a security problem applies to just about every single program that can access the net. As for corporations? Well if they pay bottom dollar and and only hire the cheapest most underpaid flunky they can get to save a few buck, and they get pwned, I should care....why exactly? Good things cost good money, the same goes for people. if a company is so badly run that this single feature can completely turn their network security into a house of cards I think they have bigger problems, don't you agree?
  In the end the whole TFA felt to me like creating a bogeyman for them to defeat with their super neato security product. But you and I know security doesn't come in a can. it isn't some product you can just slap on the network and all is well. Security is an ongoing process, that must be planned, implemented, and adapt with changing conditions. And that all needs competent staff to implement correctly. in the end companies that go for bandaids like the TFAs product (which may be good for all I know) will end up failing miserably when some fool on their network does something stupid. This feature won't kill any networks, piss poor admins and security policies that don't exist will take care of that all by themselves, thanks.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Ghost ridin' the whip! by hkz · 2010-02-19 11:45 · Score: 5, Funny

Ghost ridin' the whip! No seriously, I've been wanting to use the Linux host AP features to bring up a mischievous AP that does man-in-the-middle attacks. I'd be connected to some open wifi somewhere, and someone would connect to my netbook and also see an open access point. I'd then give them the upside-downternet: http://www.ex-parrot.com/pete/upside-down-ternet.html
1. Re:Ghost ridin' the whip! by MrEricSir · 2010-02-19 11:48 · Score: 5, Funny
  
  I think you mean "ghost ride the WEP."
  
  --
  There's no -1 for "I don't get it."
No biased reporting here on /. Just the facts. by DiamondGeezer · 2010-02-19 11:47 · Score: 4, Insightful

I don't participate much in the bore-a-thon dick-measuring contest called "Windows v Linux" on /. but for the record, its crap reporting to claim that Windows 7's "SoftAP" is a "rogue" which allows "ghostriding" while Linux's "802.11s mesh networking" is somehow better because it pre-dates Windows 7 when it allows the same problem which needs to be policed.

I have lots of criticisms of Windows generally and I run XP and Kubuntu, but SoftAP is a network management issue for corporate networks, not a "rogue".

--
Tubby or not tubby. Fat is the question
1. Re:No biased reporting here on /. Just the facts. by gad_zuki! · 2010-02-19 12:01 · Score: 5, Informative
  
  Agreed, this is beyond stupid. You could do the same with XP if you like, but now its a little easier. I used to share a cellular card this way years ago. The "policing" and "lockdown" of "rogue" access points is like one click in group policy or a value in a reg key.
  Slashdot has become the fox news of tech.
2. Re:No biased reporting here on /. Just the facts. by kevingolding2001 · 2010-02-19 13:01 · Score: 4, Insightful
  
  Also, how many corporate machines are running with wireless cards?
  More than you might think. At my work they issue everybody with laptops. They all have inbuilt wireless.
What is this crap by CSHARP123 · 2010-02-19 11:57 · Score: 5, Insightful

Any OS will have problems if used incorrectly. This biased reporting is BS. It needs to stop.
Easy Solution by The+MAZZTer · 2010-02-19 12:09 · Score: 4, Informative

This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network, except that a) they can do it from outside the building wirelessly and b) any special software used by the 7 user to access the network could potentially helpfully forward packets from others, but that would probably be a fault of the software not checking the origin IP on packets...
Anyways the fix is simple. Require authentication for all network resources. Windows enterprise solutions are set up like this by default and do it transparently using Windows login credentials. An intruder on your network would be unable to access anything. There is the LITTLE issue of exploits, so you can either batten down the hatches as much as you can and continually scan for suspicious network traffic, or you can try an alternate solution which may work better (a combination of both would be best):
For complete security, IT could notify all employees that use of this feature is not permitted. On corporate machines it could be disabled or removed or steps taken to block access, but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every protection known, except complete Windows software compatibility. Someone did mention Linux software that did this though, and my brother's WiFi card supposedly does it too with a special included application.). IT could also compromise and allow users to use it if it is properly configured, with clear steps outlining how to check if this is the case. However either way, severe penalties (starting with being kicked off the network until you have resolved the problem) would be issued for having an open access point. IT would have to periodically stage their own "attacks" to look for such hotspots and attempt to connect, and then lock the user out of the network if they are able to access the user's machine anonymously (ie folder shares with company files) or the network.
OK so it's a long winded solution but basically: The problem isn't new, lock down systems with authentication best you can, routinely scan for hotspots and penalize users that put them up.
Disclaimer: I am not a security expert but I like to think I've picked up a few things.
1. Re:Easy Solution by Niobe · 2010-02-19 12:18 · Score: 5, Informative
  
  You are misunderstanding the problem. The PC running this feature becomes a router bridging their local and probably unauthenticated network with whatever secure network they are already connected to. Add network connection sharing to the mix and you have a security hole regardless of how 'locked down' the original network is. How big a problem this is will depend on the implementation and I haven't seen it.
2. Re:Easy Solution by DavidD_CA · 2010-02-19 16:50 · Score: 4, Insightful
  
  Group Policy can disable this for all domain users in one click.
  And even if left on, what admin would allow a non-authenticated user access to anything on the network?
  Besides, if I had enough access to a machine to turn this feature on, couldn't I just take control of it via traditional means? Why bother.
  
  --
  -David
Re:I need to check this out by mrbene · 2010-02-19 12:15 · Score: 4, Informative

If you want easy-mode, check out Connectify. Timothy (the poster for this article) linked a story about Connectify back in November.