Microsoft downplays Windows Wi-Fi 'anomaly'

A design flaw in Windows XP and Windows 2003 systems with built-in wireless capabilities could be exploited by hackers to lure Wi-Fi users into connecting to malicious wireless networks, according to Microsoft Corp., which recently completed an investigation of the issue.

Questions about the flaw were raised last week at a security conference by Mark Loveless, a senior researcher at Vernier Networks Inc. in Mountain View, Calif.

In a document posted on the Nomad Mobile Research Centre Web site, Loveless described the issue as an "anomaly" involving Microsoft's Wireless Network Connection. "If a laptop connects to an ad hoc network, it can later start beaconing the ad hoc network's SSID as its own ad hoc network without the laptop owner's knowledge," Loveless said in his advisory. "This can allow an attacker to attach to the laptop as a prelude to further attack." "8 "

Such a situation could arise, for example, when a laptop user with a wireless setup at home uses the laptop somewhere else, Loveless said in an interview with Computerworld. When started, the laptop automatically scans for networks with the same service set identifier (SSID) as the one used at home. If it can't find that network, it connects to any ad hoc wireless network in the vicinity.

The next time the laptop is started, it can start broadcasting the ad hoc network's SSID as its own ad hoc network. Attackers could look for and associate themselves with systems broadcasting in this manner, he said.

"This is basically a configuration error that spreads virus-like from laptop to laptop," Loveless noted in the advisory. He added that in field tests, numerous ad hoc SSIDs such as "linksys," "dlink," "tmobile" and "hpsetup" were documented as being broadcast in this way.