Beware the rogue Wi-Fi access point in Windows 7

SoftAP feature in the new OS could threaten enterprise security

Article comments

Microsoft Windows 7 contains software that can turn a laptop into a rogue Wi-Fi access point that masks the entry of hackers onto the corporate network, according to an engineer.

Windows 7 contains a "SoftAP" feature, also called "virtual Wi-Fi" that allows a single PC to function simultaneously as a Wi-Fi client and as an AP to which other Wi-Fi-capable devices can connect.

The capability is handy when users are wearing their consumer hats and want to share music and play interactive games during their off hours.

But it also can allow onsite visitors and parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.

So says Gopinath KN, director of engineering at AirTight Networks, a wireless intrusion-prevention system (WIPS) and service company that has analysed the SoftAP capability. He says a Windows 7 device performs Port Address Translation, allowing a single public IP address to be used by many LAN devices (and exposing only certain Layer 4 port numbers).

So devices that associate with the Windows 7's virtual AP will be bridged into the wired network unseen because they will be hidden behind the "master" IP address.

The issue is more dangerous than Wi-Fi's peer-to-peer, or ad hoc, mode, says AirTight Vice President of Product Management Sri Sundarilingam. In peer-to-peer mode, the only data exposed are the local files and applications on participating users' laptops - not the whole corporate network.

AirTight, of course, has a vested interest in discussing the SoftAP vulnerability. WIPS products such as AirTight's and those from competitors such as AirMagnet and Motorola AirDefense scan the airwaves for unauthorised devices in the airspace - such as a Windows 7 SoftAP - and flag them as rogues that clients are not permitted to associate with.

So using WIPS is one protective option. Another is to provision the laptop with the SoftAP capability turned off and deny all Windows 7 users system administration rights so that they can't turn it back on.

Still another is to install mobile device management and/or security agent software on the laptop that enforces centralised policies such as disabling soft APs and ad-hoc Wi-Fi modes. Such software is available from a quickly growing number of companies in the mobile device management space. And AirTight, in addition to offering WIPS, also has such a client agent it calls SpectraGuard SAFE, which the company says can be used on any Wi-Fi, Bluetooth, 3G, infrared or WiMAX network.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *