Wi-Fi security flaw hits Windows


Wi-Fi security flaw hits Windows

Antony Savvas

A Microsoft Windows feature that allows PCs to automatically search for Wi-Fi connections could be exploited by hackers.

The Wi-Fi feature in question is part of both Windows XP and 2000 and the flaw was reported at a hacker conference over the weekend.

Both MessageLabs and McAfee have confirmed the potential security hole.

The security opening is caused when a Windows PC boots up. The machine will then automatically try to connect to a wireless network.

If the machine can’t find a wireless connection it will establish an ad-hoc connection to a local address. This comes with an IP address and Windows matches this address with the ID of the last wireless network the PC connected to.

The process is designed to quickly allow a user to connect to a Wi-Fi network when one actually becomes available. But it also allows hackers to take advantage and potentially read files on the user’s machine.

The wireless ID of the last Wi-Fi network connected to will be broadcast and a wireless hacker could pick up the ID and try and directly link to the machine using a peer-to-peer connection.

As a result of the flaw, security experts have warned companies to make sure their staff use personal firewalls or are using Windows XP Service Pack 2, both of which prevents attacks.

Microsoft has so far not commented on the problem.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy