Windows Wi-Fi Security Flaw Discovered

RealTechNews notes that over the weekend at the ShmooCon Hacker conference in D.C., hacker Mark "Simple Nomad" Loveless released info on a relatively serious Wi-Fi security flaw that's present in any recent version of Microsoft Windows.

As Brian Krebs explains on his Washington Post tech security blog, the problem comes from the fact that Windows broadcasts the name or SSID of the last network you connected to when it attempts to start any new connection — and if it finds that SSID, it automatically connects to it without checking with you first. As a result, a hacker can simply set their laptop to that SSID as well, then connect to your computer without you knowing it.

And Krebs point out that it doesn't only make you vulnerable to an intentional hack — if you just got back from Starbucks, and you start up your laptop in the vicinity of another laptop that was recently at a Starbucks (pretty common these days), your two computers will connect without either of you necessarily knowing it. That creates a viral web of unintentional ad-hoc networks — a nightmare for Internet security.

Krebs' article explains how to protect yourself against this, and Loveless has also posted full info on the vulnerability here.


Leave a Reply