Hackers find security hole in wireless Windows

A Windows feature that automatically searches for wi-fi connections can be exploited by hackers, a security researcher has warned.

The feature is part of Windows XP and 2000 and was exposed as being vulnerable at hacker conference ShmooCon on Saturday by vulnerability researcher Mark Loveless.

Loveless claimed hackers can take advantage of the feature to include a user's PC in a peer-to-peer network, giving them access to information on its hard drive.

When a PC running Windows XP or Windows 2000 boots up it will automatically try to connect to a wireless network. If the computer can't set up a wireless connection, it will establish an ad hoc connection to a local address. This is assigned with an IP address and Windows associates this address with the SSID of the last wireless network it connected to.

The machine will then broadcast this SSID, looking to connect with other computers in the immediate area.

The danger arises if an attacker listens for computers that are broadcasting in this way, and creates a network connection of their own with that same SSID. This would allow the two machines to associate together, potentially giving the attacker access to files on the victim's PC.

Security experts on Monday confirmed the flaw exists but said it should not be a problem for those using firewalls.

Paul Wood, security analyst at MessageLabs indicated users will probably be unaware that their computers have connected to the peer-to-peer network in such a way.

MessageLabs believes users running Windows XP Service Pack 2 (SP2) are not at risk.

Mark Sunner, chief technology officer at MessageLabs, said: "This yet again is a wake-up call for those who haven't installed SP2. Any machines running a copy of XP without SP2 are saying 'Come and get me', as there are so many gaping threats."

Experts recommended companies deploy a security policy, if one isn't already in place. Sunner said: "Any organisation deploying a wi-fi network needs to implement a company security policy. The potential victims are the road-warrior community. Does the in-house security department have a mechanism to check the visibility of remote machines?"

MessageLabs also recommended individual teleworkers be given personal firewalls.

Individuals can also protect themselves by disabling wi-fi when not using it, said Greg Day, security analyst at McAfee.

He said: "Hackers are trying to class this as virus-like. You become part of the problem because your machine is now broadcasting on a peer-to-peer network. However, all this gives hackers is the ability to see other machines - they still have to write exploits. But if the user is patched or has a firewall, they are protected."

Criminal gangs are unlikely to target this flaw as it would be too labour-intensive to exploit, predicted MessageLabs, saying that it was "really a threat from script kiddies".

Microsoft had not responded to a request for comment at the time of writing.

Tom Espiner writes for ZDNet UK