Microsoft discovers security risk where you thought there were none
WiFi off? Ethernet unplugged? Hackers are locked out, for now, right? Nope.
Microsoft has come up with an innovative flaw in Windows 7 that could put at risk even geeks that are more security conscious than most.
None of us are perfect, of course. We use passwords that aren't impossible to guess and impossible to remember; we don't use encryption so powerful even our own machines take hours to decode anything; we don't use VPNs full time.
But we know, generally, when we're at risk and when we're probably not, or though we did, until Microsoft mentioned a new twist yesterday (while patching the problem it pointed out) that we are vulnerable in situations we thought we couldn't be.
For instance, sitting quietly in a coffee shop (other than the Starbucks across from Black Hat), with the WiFi turned off, the Bluetooth talking only to our phones, our backs to the wall to ward off shoulder-surfers.
Unless we were already infected with keyloggers orTrojans, we'd be safe (except from Starbucks prices and the risk of being poisoned by the air of smug baristal purity).
Microsoft's innovation that would have put our security at risk even in that disconnected state is a flaw in the kernel of its Bluetooth implementation that would allow attackers to send us Bluetooth packets warped with malicious intent in such a way as to exploit a specific memory corruption flaw and give the attacker root access to our laptops.
They could install, delete or change anything we wanted without setting off any alerts or indication to show us what they'd done, and all we would have to do is be within 30 to 100 feet (Bluetooth radio range) and have our Bluetooth set to "Discoverable."
No alert would be sent to the legitimate user and there would be no indication a rogue user had been given root access, Joshua Talbot, security intelligence manager for Symantec Security Response told Krebs On Security .
The default setting for Bluetooth is "Undiscoverable," so it won't affect every machine that supports Bluetooth, Talbot said. Many laptops are set up to make connections as easy as possible, even to the point of turning Bluetooth on when the networking code thinks it should be looking for other networks (like when we turn off the WiFi switch, but don't mention that to Windows even though it complains that it has no connectivity).
It's enough to make you think running Windows while walking around an uncontrolled environment connecting invisibly with networks and devices of uncertain origin, coding and intent could be risky – or at least, more risky than we thought.
It's unsettling to think wireless networking could be even more insecure, but you know Microsoft: always pushing for that little extra bit of value. To someone.