Recently I was baffled to see an ad hoc network in my house with SSID hpsetup. Time with Google eventually revealed that some forms of Microsoft Windows can advertise ad hoc networks that they have previously seen (e.g.,
and that some HP printers advertise a hpsetup network. So, as people lug their Windows laptop around, this network gets advertised in new places. (I don't know which versions are affected.)
I'm wondering, can this be transmitted from computer to computer, so that a laptop computer advertising this network might simply be one of a chain of computers where one saw an HP printer, and 'transferred' this ad hoc network with SSID preserved from one computer to another? I've only really played with infrastructure mode before, but I am intrigued to know if this 'contagion' can spread from Windows machine to Windows machine as people travel around, with ancestry far from the original HP printer.
"Wireless Auto Configuration sends probe requests to try to connect to the first ad hoc wireless network in the preferred networks list. An observer could monitor these probe requests and establish an unsecured connection with a Windows wireless client.
On a computer that has the Wireless Client Update installed, Wireless Auto Configuration does not send probe requests to connect to newly created ad hoc wireless networks in the preferred networks list. Because many ad hoc wireless networks are created for temporary wireless connectivity, you must use the Choose a Wireless Network dialog box to manually initiate a connection to an ad hoc mode wireless network."
mentions "it will automatically try to connect to a wireless network". I know that Vista's "Preferred Networks" config can be used to cause automatic connection. Aren't there lots of people with Windows set to connect automatically to the networks it sees?
This was covered recently in a Security Now episode (#80 I think), and was described as a harmless Windows bug. Here's the excerpt:
LEO: Thom in Cortland, New York raised his antenna and asked: I have a question about Wi-Fi. Recently I took my university laptop home. Instead of a presentation, I started the system. Instead of a presentation.
STEVE: Ahead of.
LEO: I'm sorry, I was misreading it. Ahead of a presentation. I started the system. The laptop is wireless. It automatically connected to an open hotspot in my building titled - oh, this is the Free Public Wi-Fi question. I like this one. I am certain - he got something, a hotspot saying "Free Public Wi-Fi." I'm certain there's no free public Wi-Fi and recognize this to be likely a scam hotspot. But I noticed it quickly; I shut the system down immediately. Even though I shut it down so quickly, and there's not any personal data on my machine, am I at any risk? Is it likely the hotspot was even able to do anything nefarious considering the quick shutdown?
Do you know the answer to this, Steve? Because I do.
STEVE: Go for it.
LEO: This is actually not a scam. When I first got this question on the radio, I said what you probably were planning on saying, which is it probably is a scam because there's no free public Wi-Fi. It's actually a bug in Windows. Did you know this?
LEO: Yeah, it has to do with...
STEVE: And I've also seen that, so I was wondering, isn't that a coincidence.
LEO: [Indiscernible]. Because if you've ever logged into an access point called "Free Public Wi-Fi," it has something to do with infrastructure Wi-Fi. I don't know the exact details, and I'll find the reference.
STEVE: Ah, right. I know, where you're going machine to machine instead of machine to an access point.
LEO: And this is actually, in a way, spreading like a virus because one guy apparently did it; right? And then other people saw it and joined it. There's nothing there. You can't get any Internet access from it. So they forgot it. But it persists. And it's in your system.
STEVE: It crept into your registry somewhere.
LEO: It shows up on other systems, and it has now spread across the land, and there are quite a few places where you will get online and see something called "Free Public Wi-Fi." It is a Windows machine in infrastructure mode that at one point logged onto another Windows machine in an infrastructure mode with "Free Public Wi-Fi" as one of the hotspots it had been to. I'll find the article because I did some research when this person asked me the question on the radio. And I answered it as you I'm sure were going to answer, which is, yeah, it's probably not a good idea to join such a thing.
STEVE: Right. We can say a little bit more, although I think that's very cool news.
LEO: It's fascinating, yeah.
STEVE: We can say a little bit more about this issue in general. That is, for example, if you were to find that your machine had automatically connected to a hotspot that you were suspicious of, first of all, answering this question, it's probably not the case that just the act of connecting could be a problem, so long as you've got - probably you're using Windows XP or maybe Vista. But one way or another you probably have a personal firewall on. So as we know, today's exploits generally are people going out through a firewall asking bad stuff to come back in, or in the case of a Wi-Fi, people, for example, doing nonencrypted email log-on where their username and password are going out in the clear. In both instances, the user is doing something with the computer, and somebody deliberately running a malicious Wi-Fi hotspot will be monitoring that. However, with the firewall up, just the act of connecting to even something malicious, as long as you recognize it and shut down, it's probably not - there's no opportunity for you to be infected in the normal case.
LEO: Yeah. And to add to this, it is a bad idea in general to log into ad hoc networks.
LEO: There's a difference, and you can tell, whether it's an infrastructure network or an ad hoc network. And an infrastructure one is with a Wi-Fi base station and, you know, like at the coffee shop and so forth.
STEVE: The normal style.
LEO: Ad hoc is coming off of somebody's computer. So you really probably don't want to join a network on somebody's computer. That would just be very trusting. The reference I'm going to put on the website is from Dwight Silverman's tech blog in the Houston Chronicle. That's where I saw it first. It's a great story, and it just - it's a bug in Windows. Microsoft says they plan to fix it at some point in the next XP Service Pack. But who knows when that's going to be. Unknown whether it's in Vista.
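
Added example, not part of the thread or the podcast: how a monitoring tool can tell an ad hoc network from an infrastructure one, using the ESS and IBSS bits of the capability field in an 802.11 beacon or probe response. The frames are constructed samples without a radiotap header, and the watchlist and helper names are assumptions of this example.

```python
import struct

def normalise(ssid: str) -> str:
    """Lower-case and drop punctuation so 'Free Public Wi-Fi' matches 'Free Public WiFi'."""
    return "".join(c for c in ssid.lower() if c.isalnum())

# SSIDs named in this thread; the watchlist itself is an assumption of the example.
WATCHLIST = {normalise(s) for s in ("hpsetup", "Free Public Wi-Fi")}

def parse_beacon(frame: bytes):
    """Return (ssid, mode) for a beacon or probe response, else None."""
    if len(frame) < 36:                       # 24-byte header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (5, 8):   # management: probe response / beacon
        return None
    (capab,) = struct.unpack_from("<H", frame, 34)
    ess, ibss = capab & 0x0001, capab & 0x0002
    mode = "ad hoc" if ibss and not ess else "infrastructure" if ess else "other"
    ssid, pos = None, 36
    while pos + 2 <= len(frame):              # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                  # truncated element: stop parsing
            break
        if eid == 0:                          # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return ssid, mode

def build_beacon(ssid: str, capab: int) -> bytes:
    """Construct a minimal beacon for the samples below (not captured traffic)."""
    name = ssid.encode()
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" * 2 + b"\x00\x00"
    return header + struct.pack("<QHH", 0, 100, capab) + bytes([0, len(name)]) + name

def adhoc_report(frames):
    """List (ssid, on_watchlist) for every frame advertising an ad hoc network."""
    hits = []
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[1] == "ad hoc":
            ssid = parsed[0] or ""
            hits.append((ssid, normalise(ssid) in WATCHLIST))
    return hits

SAMPLES = [build_beacon("hpsetup", 0x0002), build_beacon("CoffeeShop", 0x0411),
           build_beacon("Free Public WiFi", 0x0002), build_beacon("laptop-share", 0x0012)]

if __name__ == "__main__":
    for ssid, known in adhoc_report(SAMPLES):
        print(f"ad hoc: {ssid!r}" + ("  <- SSID named in this thread" if known else ""))
```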