Monday, 20 February 2017

Windows 10 Lock Screen: Abusing the Network UI for Backdoors (and how to disable it)

This is a short blog post about a peculiar decision Microsoft made. When you lock your computer on Windows 10, you (or anyone standing in front of it) can still connect to wireless networks, including networks the device has never seen before. You simply click the network icon in the bottom right and add the wireless network:


So what's the deal with this? It means that anyone with physical access to your locked device can make it connect to a possibly malicious wireless network, without knowing your password. As an attacker you simply broadcast a network, wait until it shows up in the network list on the lock screen, and connect to it:


The victim's device will now automatically connect to the attacker's network whenever it is in range, because Windows saves the new profile with "connect automatically" enabled. This is unwanted behavior. Since the device reconnects on its own, the network can be used to track the victim (the device joins it wherever the attacker broadcasts it) and to intercept and manipulate his or her network traffic.


This is not ideal. When I lock my laptop, I don't expect anyone to be able to change my network configuration! But now someone can add a (possibly unencrypted!) wireless network to my config, and my device will automatically connect to it.
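To see what such an attack leaves behind, here is an added PowerShell example (not code from the original post) that lists the saved Wi-Fi profiles Windows will join automatically and flags the ones using open authentication, i.e. unencrypted. It parses the output of netsh wlan, so it assumes the English field labels; the function names are my own and the profile name in the delete command at the end is a placeholder.

```powershell
# Added example, not from the original post: audit saved Wi-Fi profiles for
# "connect automatically" entries, flagging open (unencrypted) ones.
# Assumes English netsh output; the field labels are localised on other locales.

function Get-NetshField {
    # Return the value after "Label : value" from a block of netsh output lines.
    param([string[]]$Lines, [string]$Label)
    foreach ($line in $Lines) {
        if ($line -match "^\s*$Label\s*:\s*(.+?)\s*$") { return $Matches[1] }
    }
    return $null
}

function Get-AutoConnectWlanProfile {
    # Profile names appear as "All User Profile : <name>" (or "Current User Profile").
    $names = netsh wlan show profiles |
        Select-String '^\s*(All|Current) User Profile\s*:\s*(.+?)\s*$' |
        ForEach-Object { $_.Matches[0].Groups[2].Value }

    foreach ($name in $names) {
        $detail = netsh wlan show profile "name=$name"
        $mode   = Get-NetshField -Lines $detail -Label 'Connection mode'
        $auth   = Get-NetshField -Lines $detail -Label 'Authentication'
        # Only profiles Windows joins on its own are interesting here.
        if ($mode -like 'Connect automatically*') {
            [pscustomobject]@{
                Name           = $name
                Authentication = $auth
                Open           = ($auth -eq 'Open')   # no encryption at all
            }
        }
    }
}

# Review the list: an open network you did not add yourself is exactly what
# the lock-screen trick leaves behind.
Get-AutoConnectWlanProfile | Sort-Object Open -Descending | Format-Table -AutoSize

# Remove a profile you do not recognise (placeholder name, for illustration):
# netsh wlan delete profile "name=FreeAirportWiFi"
```

Run it as the user whose profiles you want to check; profiles pushed by group policy show up in a separate, read-only section of the netsh output and are not listed by the regular expression above.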

Thankfully, it's possible to disable the network menu at the lock screen. Open the Start menu, type "Edit group policy" and open the tool (gpedit.msc). Now go to "Computer Configuration\Administrative Templates\System\Logon" and enable "Do not display network selection UI":



And now the network icon is gone from your lock screen. Nobody can mess with your network configuration while your device is locked! Note that this only hides the UI: any profile that was already added stays in place, so check your saved networks once before relying on it.
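The same policy can be applied from an elevated PowerShell prompt, which is handy on editions of Windows that do not ship the Group Policy Editor. This is an added example, not from the original post; it writes the registry value the policy template sets (DontDisplayNetworkSelectionUI under HKLM\SOFTWARE\Policies\Microsoft\Windows\System) and reads it back. The function names are my own.

```powershell
# Added example, not from the original post: enable "Do not display network
# selection UI" by writing its policy registry value directly.
# Run from an elevated prompt; policy values under HKLM require administrator rights.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$valueName = 'DontDisplayNetworkSelectionUI'

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-LockScreenNetworkUi {
    # 'Hide' = policy enabled (DWORD 1); 'Show' = policy not configured (value removed).
    param([Parameter(Mandatory)][ValidateSet('Hide', 'Show')][string]$State)
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell prompt.' }
    if (-not (Test-Path $policyKey)) {
        # The Policies\...\System key does not exist until some policy has been set.
        New-Item -Path $policyKey -Force | Out-Null
    }
    if ($State -eq 'Hide') {
        New-ItemProperty -Path $policyKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
    } else {
        Remove-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    }
}

function Get-LockScreenNetworkUi {
    # Reads the effective policy value; a missing value means "Not configured" (icon shown).
    $value = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($value -eq 1) { return 'Hide' }
    return 'Show'
}

Set-LockScreenNetworkUi -State Hide
"Lock screen network UI: $(Get-LockScreenNetworkUi)"
```

The value takes effect the next time the lock screen is shown; there is no need to reboot. Setting it here is equivalent to enabling the policy in gpedit.msc, so a later change in the Group Policy Editor will overwrite it.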

3 comments:

  1. Well, you can also plug in an Ethernet cable or a USB Ethernet adapter. That is a general risk and not new at all!

    Replies
    1. Both won't make the computer connect automatically after the attacker is gone. When the attacker makes the computer connect automatically to a Wi-Fi network, there's a risk of connecting to a malicious network without noticing.

  2. If your version of Windows 10 does not give you the option to edit group policies (like mine), you can make this setting in the registry:

    Run regedit, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System and either set DontDisplayNetworkSelectionUI to 1 or create a new DWORD (32-bit) and set that to 1. Tested and verified.
