Skip to main content

WiFi hacking enters a new dimension...

Interesting to read that ISS (opens in new tab)claims to have discovered a new hacking technique (opens in new tab)that allows a laptop to be remotely controlled by using WiFi device driver hacking.

Details of the mechanics of this approach will be shown at the upcoming Black Hat USA conference by David Maynor (opens in new tab), a research engineer with ISS, but it set my mind racing.

Device drivers are tight pieces of code that interface an add-on device, such as a PCMCIA card, to a PC. Could they really be hacked? (opens in new tab)

Until the late 1990s, no, but the arrival of Windows XP changes the ballgame, as it allows the loading of both trusted and non-trusted drivers, and identifies them as such.

In theory, if you've loaded a non-trusted device driver when installing a shiny piece of new hardware, that driver could then be overwritten by a hacker version of the driver.

This hacking approach is made easier by the fact that Windows XP - unlike earlier versions of Windows - allows device drivers to be overwritten without a prompt being displayed to the user.

So yes, if anyone were to rework a driver to call a routine from, say, the root directory - or even a Web page - then the driver could allow a PC to be remotely controlled.

I suspect there's a set of Windows call routines, however, that block such driver overwrites. That would preclude the easy updating of device drivers, but at least it would stop hacks of this nature...