
Windows 7 tool can turn laptop into rogue Wi-Fi access point for hackers

SoftAP feature in the new OS could threaten enterprise security

Microsoft Windows 7 contains software that can turn a laptop into a rogue Wi-Fi access point that masks the entry of hackers onto the corporate network, according to an engineer.

Windows 7 contains a "SoftAP" feature, also called "virtual Wi-Fi", that allows a single PC to function simultaneously as a Wi-Fi client and as an AP to which other Wi-Fi-capable devices can connect.

The capability is handy when users are wearing their consumer hats and want to share music and play interactive games during their off hours.

But it also can allow onsite visitors and parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.

So says Gopinath KN, director of engineering at AirTight Networks, a wireless intrusion-prevention system (WIPS) and service company that has analysed the SoftAP capability. He says a Windows 7 device performs Port Address Translation, allowing a single public IP address to be used by many LAN devices (and exposing only certain Layer 4 port numbers).

So devices that associate with the Windows 7 virtual AP will be bridged into the wired network unseen because they will be hidden behind the "master" IP address.

The issue is more dangerous than Wi-Fi's peer-to-peer, or ad hoc, mode, says AirTight Vice President of Product Management Sri Sundarilingam. In peer-to-peer mode, the only data exposed are the local files and applications on participating users' laptops - not the whole corporate network.

AirTight, of course, has a vested interest in discussing the SoftAP vulnerability. WIPS products such as AirTight's and those from competitors such as AirMagnet and Motorola AirDefense scan the airwaves for unauthorised devices in the airspace - such as a Windows 7 SoftAP - and flag them as rogues that clients are not permitted to associate with.

So using WIPS is one protective option. Another is to provision the laptop with the SoftAP capability turned off and deny all Windows 7 users system administration rights so that they can't turn it back on.

Still another is to install mobile device management and/or security agent software on the laptop that enforces centralised policies such as disabling soft APs and ad-hoc Wi-Fi modes. Such software is available from a quickly growing number of companies in the mobile device management space. And AirTight, in addition to offering WIPS, also has such a client agent it calls SpectraGuard SAFE, which the company says can be used on any Wi-Fi, Bluetooth, 3G, infrared or WiMAX network.
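As an added example (not from the article, AirTight or Microsoft), the PowerShell script below shows how the "provision with SoftAP turned off" option could be audited and enforced on one laptop. It assumes the built-in `netsh wlan show hostednetwork` and `netsh wlan set hostednetwork mode=disallow` commands and English-language output; the function names, the `-Enforce` switch and the sample output are constructed for illustration.

```powershell
# Added example: audit the Windows 7 hosted network (SoftAP) state and disable it.
# Assumes English-language netsh output; labels and values differ on localized builds.
param([switch]$Enforce)

function Get-HostedNetworkState {
    param([string[]]$NetshOutput)
    $s = @{ Mode = $null; Status = $null; Ssid = $null; Clients = 0 }
    foreach ($line in $NetshOutput) {
        if     ($line -match '^\s*Mode\s*:\s*(.+?)\s*$')              { $s.Mode = $Matches[1] }
        elseif ($line -match '^\s*Status\s*:\s*(.+?)\s*$')            { $s.Status = $Matches[1] }
        elseif ($line -match '^\s*SSID name\s*:\s*"(.*)"\s*$')        { $s.Ssid = $Matches[1] }
        elseif ($line -match '^\s*Number of clients\s*:\s*(\d+)\s*$') { $s.Clients = [int]$Matches[1] }
    }
    New-Object PSObject -Property $s
}

function Get-HostedNetworkVerdict {
    param($State)
    if (-not $State.Mode)             { return 'UNKNOWN' }  # no WLAN service or unparsed output
    if ($State.Mode -eq 'Disallowed') { return 'OK' }       # feature switched off
    if ($State.Status -eq 'Started')  { return 'ACTIVE' }   # laptop is acting as an AP now
    return 'ALLOWED'                                        # off, but the user can start it
}

# Constructed sample of `netsh wlan show hostednetwork` output, for an offline run.
$sample = @'
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "guest-share"
    Max number of clients  : 100

Hosted network status
---------------------
    Status                 : Started
    Number of clients      : 2
'@ -split "`r?`n"

$state = Get-HostedNetworkState -NetshOutput $sample
'sample: {0}, SSID "{1}", {2} client(s)' -f (Get-HostedNetworkVerdict $state), $state.Ssid, $state.Clients

if ($Enforce) {   # run from an elevated prompt on the laptop being provisioned
    $live = Get-HostedNetworkState -NetshOutput (netsh wlan show hostednetwork)
    if ((Get-HostedNetworkVerdict $live) -ne 'OK') {
        netsh wlan stop hostednetwork | Out-Null
        netsh wlan set hostednetwork mode=disallow | Out-Null
    }
}
```

The verdict treats anything other than an explicit `Disallowed` mode as non-compliant, so an unexpected or localized value is flagged rather than passed.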



Comments

Force Factor said: When we try to use the new magnifier with high-contrast, which I don't use as I don't need, 133 dpi is fine for me, it goes back to the old screen magnifier, which, if I read correctly, is a feature rather than a bug. Doesn't make much sense to me; maybe the new magnifier should work even if Aero is not the default themed. No, I mean, if you have the hardware capability, why not use them? As a part-blind, legally blind user I thank your team for the high-dpi custom settings, although it woul



