Mooching around the show floor at RSA Conference Europe, on Tuesday, I had an interesting chat with Nicholas Miller, chief executive of a wireless security specialist called AirPatrol. It's a story that they have been pushing for a while now but not one that I have seen spoken about in much depth before.
Most people are aware of the war-driving phenomenon, where armed with some simple hardware, you can find unsecured corporate networks – it’s a story that was splashed all over the place a couple of years ago. Well, Miller has moved the story on and has got pretty excited about a different wireless vulnerability - connected not with unsecured networks but unsecured laptops. By simply leaving the wireless modem switched on in a laptop, you could be exposing your company network to attack.
Thanks to the handy feature in Windows that automatically roams on to wireless networks that have been authenticated before – say a network called Linksys or Netgear for example – hackers can use this as a backdoor into a laptop. Miller showed off a wireless dongle that allows the user to see all the wireless networks in the immediate area and all the wireless laptops that are connected to them. Not only that – it also shows any laptop which has its wireless modem switched on.
Hackers can also get hold of similar tools and, according to Miller, can simply create a wireless network with the same name as the one the person happens to be connected to. If someone reconnects, Windows may then automatically roam onto the hacker's network, and with some more tinkering a hacker can get access to any shared files on your system pretty easily. A more experienced hacker could use this back door to do more damage, particularly in an organisation that may think it is locked down by not allowing its employees to use wireless but has no policy to prevent them from accidentally turning their wireless modem on.
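As an added illustration (not from the original article or from AirPatrol), here is a defender's audit for the condition described above: saved wireless profiles that Windows rejoins automatically with no authentication, so any network using the same name is accepted. It assumes profiles exported with `netsh wlan export profile` (Vista and later); the sample profiles and function names are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows WLAN profile XML (netsh wlan export profile).
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def make_profile(ssid, mode, auth, enc):
    """Build a constructed sample profile; not data from a real machine."""
    return (
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f"<name>{ssid}</name><SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>"
        f"<connectionType>ESS</connectionType><connectionMode>{mode}</connectionMode>"
        f"<MSM><security><authEncryption><authentication>{auth}</authentication>"
        f"<encryption>{enc}</encryption><useOneX>false</useOneX>"
        "</authEncryption></security></MSM></WLANProfile>"
    )

SAMPLES = [  # constructed examples
    make_profile("linksys", "auto", "open", "none"),
    make_profile("CorpWLAN", "auto", "WPA2PSK", "AES"),
    make_profile("HotelGuest", "manual", "open", "none"),
    make_profile("NETGEAR", "auto", "open", "none"),
]

def parse_profile(xml_text):
    """Extract the fields that decide whether a same-name network is accepted."""
    root = ET.fromstring(xml_text)
    def field(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    sec = "w:MSM/w:security/w:authEncryption/"
    return {
        "ssid": field("w:SSIDConfig/w:SSID/w:name") or field("w:name"),
        "auto": field("w:connectionMode").lower() == "auto",
        # Open authentication with no encryption: nothing proves which
        # access point is on the other end.
        "open": field(sec + "w:authentication").lower() == "open"
                and field(sec + "w:encryption").lower() == "none",
    }

def auto_join_open(profiles):
    """Return SSIDs the laptop rejoins on its own with nothing to verify."""
    parsed = [parse_profile(p) for p in profiles]
    return [p["ssid"] for p in parsed if p["auto"] and p["open"]]

if __name__ == "__main__":
    for ssid in auto_join_open(SAMPLES):
        print(f"ALERT: '{ssid}' auto-connects with no authentication; "
              "set it to manual or delete the profile")
```

Profiles that are open but set to manual, or that auto-connect with WPA2-PSK, are not flagged: the first never joins without the user, and the second requires the network to hold the shared key.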
Unsurprisingly, AirPatrol has come up with a fix for this problem – basically a software utility that alerts the user if their wireless modem is on when they are connected to a wired network cable. You'd think that this would be an easy utility that any IT department could create for their users but AirPatrol have actually patented it. They tried to get Microsoft to adopt it for Vista but according to Miller, "Microsoft were more interested in taking things off the list of stuff they were supposed to include in Vista – so weren't really interested in me trying to get them to add something else."
When pushed, Miller couldn't actually cite an instance of anyone actually using this alleged back door for hacking but he is adamant it exists and is a real threat. I am not sure how much of a threat it is – as I usually remember to switch off my modem as it sucks battery for one thing but maybe there are a lot of people out there who don't. I am sure there are other solutions to the problem - beyond AirPatrol's or simply switching off your modem but it's an interesting yarn nonetheless.