Windows 7 tool can turn laptop into rogue Wi-Fi access point for hackers
SoftAP feature in the new OS could threaten enterprise security
By Joanie Wexler | Network World US | Published: 16:00, 23 February 2010
Microsoft Windows 7 contains software that can turn a laptop into a rogue Wi-Fi access point that masks the entry of hackers onto the corporate network, according to an engineer.
Windows 7 contains a "SoftAP" feature, also called "virtual Wi-Fi" that allows a single PC to function simultaneously as a Wi-Fi client and as an AP to which other Wi-Fi-capable devices can connect.
The capability is handy when users are wearing their consumer hats and want to share music and play interactive games during their off hours.
Related Articles on Techworld
But it also can allow onsite visitors and parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.
So says Gopinath KN, director of engineering at AirTight Networks, a wireless intrusion-prevention system (WIPS) and service company that has analysed the SoftAP capability. He says a Windows 7 device performs Port Address Translation, allowing a single public IP address to be used by many LAN devices (and exposing only certain Layer 4 port numbers).
So devices that associate with the Windows 7's virtual AP will be bridged into the wired network unseen because they will be hidden behind the "master" IP address.
The issue is more dangerous than Wi-Fi's peer-to-peer, or ad hoc, mode, says AirTight Vice President of Product Management Sri Sundarilingam. In peer-to-peer mode, the only data exposed are the local files and applications on participating users' laptops - not the whole corporate network.
AirTight, of course, has a vested interest in discussing the SoftAP vulnerability. WIPS products such as AirTight's and those from competitors such as AirMagnet and Motorola AirDefense scan the airwaves for unauthorised devices in the airspace - such as a Windows 7 SoftAP - and flag them as rogues that clients are not permitted to associate with.
So using WIPS is one protective option. Another is to provision the laptop with the SoftAP capability turned off and deny all Windows 7 users system administration rights so that they can't turn it back on.
Still another is to install mobile device management and/or security agent software on the laptop that enforces centralised policies such as disabling soft APs and ad-hoc Wi-Fi modes. Such software is available from a quickly growing number of companies in the mobile device management space. And AirTight, in addition to offering WIPS, also has such a client agent it calls SpectraGuard SAFE, which the company says can be used on any Wi-Fi, Bluetooth, 3G, infrared or WiMAX network.