Security research group Websense has published preliminary findings of a study of weaknesses in the Windows crash reporting system. The study claims that the information contained in the reports can be of great use to hackers in obtaining a blueprint of a targeted network.
Windows error reports, collected and sent by the Dr. Watson service, are not encrypted unless they contain user-specific data; they are sent over regular HTTP, which leaves them open to interception by hackers or government agencies in transit. Conceptually, a traditional man-in-the-middle technique implemented at the ISP level can aid wiretapping by agencies such as the NSA. As reported recently, the NSA has used Windows error reports as a way of gaining device identification information in wiretapping and surveillance, in addition to sideloaded spyware.
According to the research published by Websense, when a USB device is connected to a Windows computer, an automatic report is sent to Microsoft containing the device identifier and manufacturer, the Windows version, PC model, BIOS version and a unique machine identifier. As a proof of concept, the research group was able to establish that an iPhone 5 had been plugged into a Sony Vaio notebook, and even to get the laptop's machine ID, by comparison with a publicly available database of devices and identifiers.
The group has urged Microsoft and others who use telemetry to gather usage information to implement at least SSL encryption to protect user data. Alex Watson of Websense will present the complete findings of the research at the RSA Conference in San Francisco on February 24.