Windows Mobile devices attack desktops via ActiveSync
Oct. 01, 2008
Windows Mobile devices can be used as a tool for hacking into Windows XP computers, a security researcher has warned. Via ActiveSync 4.x, an attacker can take control of an otherwise-secure desktop computer, claims Seth Fogie, chief security officer at White Wolf Security.
According to an article published by Fogie, along with "proof of concept" code called ActiveSink, a hacker can walk up to a Windows XP PC with ActiveSync 4.x installed, plug in a Windows Mobile device, and have direct TCP/IP access to the computer. This works even if the computer is locked or logged out, he adds.
Such attacks are possible because of a communication component called RNDIS (Remote Network Driver Interface Specification), introduced with ActiveSync 4.x, says Fogie. The RNDIS component gives ActiveSync the ability to transfer its sync-related data as IP packets over the USB connection, he adds.
"The problem is that in order for the ActiveSync operation to perform authentication of the session, the RNDIS connection must first establish an IP connection," he writes. "Once the IP addresses are assigned and TCP/IP data can flow, the syncing process starts. In other words, a Windows Mobile device connected to a system with ActiveSync 4.x running will have direct TCP/IP access through an uncontrolled and unprotected network interface."
Fogie claims that since this is a driver-level activity, the targeted PC does not need to be running a logged-in session for the IP connection to be created. An attacker will have access to all services that are set up to run on all interfaces, such as ports 25, 80, 110, 135, 137, 139, 445, and numerous others that have nothing to do with ActiveSync, he adds.
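A host-side audit of what such an interface would be able to reach, added here as an example and not code from the article or from White Wolf Security: it parses `netstat -an` output (a constructed Windows XP sample is embedded; the addresses are made up) and flags every listener bound to the wildcard address, since those answer on all interfaces, an RNDIS one included. The `ARTICLE_PORTS` set is just the list of ports quoted above, used to mark which of the flagged listeners the article calls out.

```python
import re
from typing import Dict, List, Tuple

# Ports the article names as reachable over the RNDIS link (unrelated to ActiveSync itself).
ARTICLE_PORTS = {25, 80, 110, 135, 137, 139, 445}

# Constructed sample of `netstat -an` output on a Windows XP host; not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    192.168.1.10:138       *:*
"""

# One netstat row: protocol, local address:port, foreign address, optional TCP state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
WILDCARD_ADDRS = {"0.0.0.0", "[::]"}


def parse_listeners(netstat_text: str) -> List[Dict]:
    """Return one record per listening socket (TCP in LISTENING state, or any UDP binding)."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, unparseable rows
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/time-wait rows are not exposure
        listeners.append({"proto": proto, "addr": addr, "port": int(port)})
    return listeners


def exposed_over_rndis(listeners: List[Dict]) -> List[Dict]:
    """Wildcard-bound sockets answer on every interface, so an RNDIS link reaches them too."""
    return [l for l in listeners if l["addr"] in WILDCARD_ADDRS]


def audit(netstat_text: str) -> List[Tuple[str, int, bool]]:
    """(proto, port, named_in_article) for each listener reachable over any interface."""
    exposed = exposed_over_rndis(parse_listeners(netstat_text))
    return sorted((l["proto"], l["port"], l["port"] in ARTICLE_PORTS) for l in exposed)


if __name__ == "__main__":
    for proto, port, named in audit(SAMPLE_NETSTAT):
        print(f"{proto}/{port} bound to all interfaces" + ("  <- listed in article" if named else ""))
```

On a real host, pipe the output of `netstat -an` into `audit()`; anything it returns is reachable by whatever brings up an IP interface, authenticated or not.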
ActiveSink can attack a Windows XP PC (left) and obtain a command prompt on the system (right).
Using the Metasploit "penetration testing framework," the Wireshark sniffing tool, and the troubleshooting tool Netcat, Fogie reportedly found a way to trigger the DCOM vulnerability. He then created a proof-of-concept application, ActiveSink (shown above left), capable of launching the attack automatically. When the attack has been successfully completed, the Windows XP command prompt is usable from the PDA (above right).
"ActiveSink" launching an attack on a Windows XP desktop PC (video). Source: White Wolf Security
Further information
The specific ActiveSink exploit apparently requires a copy of Windows XP that has not been patched against the DCOM vulnerability in order to operate. For more information on the operating system patch, first released in July 2003, see Microsoft's website.
To read Seth Fogie's article, "Exploiting systems through ActiveSync," see the InformIT website. To download the ActiveSink proof-of-concept code, the required copy of Netcat for Windows Mobile, and other background information, see the Wolf Security Systems website.