Monday, 20 February 2017

Windows 10 Lock Screen: Abusing the Network UI for Backdoors (and how to disable it)

This is a short blog post about a peculiar decision that Microsoft made. When you lock your computer on Windows 10, you are still able to connect to wireless networks. It's even possible to connect to new networks. You simply click on the network icon in the bottom right, and then add the wireless network:

So what's the deal with this? Well, it means that anyone can make your device connect to a possibly malicious wireless network. As an attacker you simply have to broadcast a network, wait until it shows up in the network list, and connect to it:

The victim will now automatically connect to the attacker's network whenever it is nearby. This is unwanted behavior. Since the victim automatically connects to it, it can be used to track the victim, and to intercept and manipulate his or her network traffic.

This is not ideal. When I lock my laptop, I don't expect someone to able to change my network configuration! But now someone can add a (possibly unencrypted!) wireless network to my config, and my device will automatically connect to it.

Thankfully, it's possible to disable the network menu at the lock screen. Open the Windows menu and type "Edit group policy" and open this tool. Now go to "Computer Configuration\Administration Templates\System\Logon" and enable "Do not display network selection UI":

And now the network icon is gone in your lock screen. No annoying people can now mess with your network configuration when you lock your device!