NMRC writes that the problem arises because Windows computers using those particular operating systems automatically start to try and link to the last access point that they connected to, looking for the SSID name of the AP. Often these WiFi indentity tags are simply the name brand of the AP -- "Linksys," for instance.
An attacker trying to gain access to a user's laptop could "listen" for the SSID and set his or her laptop to mimic the tag and make an ad hoc wireless connection between the two machines. "This can allow an attacker to attach to the laptop as a prelude to further attack," says NMRC.
Interesting, NMRC says it did some of its field tests around this vulnerability by making ad hoc connections to people using laptops on planes, who were unaware that they were broadcasting a WiFi signal. Currently it is against Federal Aviation Administration rules in the U.S. to use WiFi while in flight, but many laptops automatically try to make connections on boot-up.
"This has a couple of ramifications," claims the research center:
- The first is that if wireless laptops with the wireless adapter enabled were capable of interfering with the navigational systems as claimed by the airlines, then we would be having numerous in-flight incidents due to the high proliferation of WiFi-enabled laptops used by business people on flights.
The second ramification is that users sitting on a plane at 35,000 feet are not going to be suspecting a network attack against the laptop in the lap, and so any odd "side effects" from probe and attack attempts (service crashing, blue screen or a restart) will be dismissed as a local system anomaly and not an attack, allowing the attacker to be a little more aggressive.
Whether many users are actually savvy enough to make these manual changes is another question.
NMRC says that it started speaking to Microsoft about the vulnerability late last year and that the software giant intends to include a fix in its next round of service packs.
— Dan Jones, Site Editor, Unstrung