Simple wireless flaw revealed

Simple wireless flaw revealed
Published: 2006-01-16

A simple feature in the way Windows handles wireless connections could be exploited to gain access, according to information released this weekend at ShmooCon. A document on nmrc.org by Mark Loveless explains the process, which despite being quite simple may have implications for many wireless users.

The issue involves ad-hoc wireless connections, which are automatically created when the laptop is powered up and no infrastructure access points are available. The laptop in question assigns a private address in the 169.254.x.x space, and an SSID mimicking the last network it successfully connected to.

When a second computer comes within range, it may watch for the broadcast SSID of the first laptop and set its SSID to match, creating a local network setup, according to a posting by Brian Krebs.

The caveat is that any firewall at all, including the one built into Windows XP will prevent this from being exploited, as will setting the wireless configuration to connect only to infrastructure networks. This being said, there appear to be many users who have failed to take these steps -- According to Loveless’s presentation he has successfully used this technique on flights over international waters, where the legality of such a technique is still very much up in the air.

Posted by: Peter Laborge