A while back, we discussed that Windows 7 features a half-baked “SoftAP” feature, also called “virtual Wi-Fi,” that allows a PC to function as a Wi-Fi client and also as an Access Point (AP) a.k.a wireless router.
The idea is not new but, pretty nifty for sharing data, music, files with others other peers in absence of an actual AP. But often good features come with a backdoor. But it makes executions of certain nightmares handy, e.g.Visitors and parking-lot hackers can piggyback onto the user’s laptop and “ghost ride” into the corporate network, unnoticed.
The problem was first demonstrated at BlackHat by AirTight networks, a wireless intrusion-prevention system (WIPS). They first executed Rogue APs to fetch user’s frequently-connected Wifi, followed by how to make a wishful hacking on the victim’s machine.
Gopinath KN, director of engineering at AirTight Networks, says a Windows 7 device performs Port Address Translation (PAT), allowing a single public IP address to be used by many LAN devices (and exposing only certain Layer 4 port numbers). So devices that associate with the Windows 7’s virtual AP will be bridged into the wired network unseen because they will be hidden behind the “master” IP address.
The issue is more dangerous than Wi-Fi’s peer-to-peer(ad hoc) mode. In peer-to-peer mode, the only data exposed is the local files and applications on participating users’ laptops — not the whole corporate network.
WIPS products such as AirTight’s and those from competitors such as AirMagnet and AirDefense scan the airwaves for unauthorized devices in the airspace — such as a Windows 7 SoftAP — and flag them as rogues that clients are not permitted to associate with.
So using WIPS is one protective option. Another is to provision the laptop with the SoftAP capability turned off and deprive Windows 7 user’s admin rights, so that they can’t turn it back on.
Another way out is to install mobile device management, security agent software on the laptop that enforces centralized policies such as disabling soft APs and ad-hoc Wi-Fi modes. And AirTight, in addition to offering WIPS, also has such a client agent it calls SpectraGuard SAFE.