SoftAP: Is Windows 7 Creating A Hole In Your Network Security?
Windows 7 is the latest operating system from Microsoft and while it has proved a big hit with consumers and corporations alike since its October 2009 launch, it is also presenting a new and potential highly damaging vulnerability.
The new 'SoftAP' or 'virtual Wi-Fi' feature is a first for Windows, and capitalises on the popularity of Wi-Fi - a way to connect to a network wirelessly via radio waves. The SoftAP feature allows PC users to connect to a Wi-Fi network, while simultaneously acting as an access point that other Wi-Fi users can connect to.
This differs to peer-to-peer WiFi sharing, which only allows access to the connected computer's local files. With SoftAP, any connected users are able to access the whole network.
The feature has been developed to allow more interactivity between consumer users e.g. sharing games and music, but in the corporate workspace, it represents a serious security risk, particularly in terms of detection. While great lengths might have been taken to ensure security on a corporate wireless network, just one user running the SoftAP software could potentially open up an unsecured gateway into the whole network through which a malicious third party could pass. What's more, because the malicious third party enters the network via the legitimate user's PC, its IP (network address) will not be shown on the network, making detection all but impossible.
In much the same way Computer Forensics experts have developed ways to track wireless internet activity, malicious criminal users have developed ways to 'sniff out' unguarded Wi-Fi hotspots, and having gained unfettered access to a corporate network, could install viruses, steal sensitive data, or use the host to send out spam. Worse still, they could acquire personal details that allow them access bank accounts, or commit fraud in the name of the company under attack.
At the time of writing, Microsoft have not introduced any additional measures to address this security risk, beyond the WPA2 passkey encryption that is already present and automatically set up when running SoftAP. However, as wireless connections with passkeys can be 'hacked', detection is a vital part of network security, so the vulnerability has not been fully addressed.
For corporations looking to protect against this risk, the best approach is to prevent staff from using the SoftAP feature by disabling the feature, and then removing users' administration rights so that it cannot be reactivated. For those users who require administration rights, an acceptable use policy should be in place to make it clear that use of the feature is prohibited.
Synopsis: Windows 7 is the latest operating system from Microsoft and while it's proving a big hit with consumers and corporations alike, it is also presenting a new and potential highly damaging vulnerability through its new SoftAp feature.