Researcher claims hackers can easily hijack `unencrypted` Windows crash reports

Last Updated: Monday, January 6, 2014 - 18:44

Washington: Window`s error and crash reporting system is prone to hacking and hackers can use the unencrypted data to refine and pinpoint their attacks, a researcher has revealed.

German newsmagazine Der Spiegel recently reported that the US` NSA collected Windows crash reports from its global wiretaps to monitor details of targeted PCs.

Director of threat research at Websense, Alex Watson said this information would give an attacker significant advantage and give them a blueprint of the targeted network, PC World reports.
Watson explained that Microsoft does not encrypt the initial crash reports, which include both those that prompt the user before they`re sent as well as others that do not and the data is instead sent to Microsoft`s servers `in the clear`, or over standard HTTP connections.

The error reports contain in them wealth of information on the specific PC. For example, if a user plugs in their iPhone to sync with iTunes, an automatic report is sent to Microsoft containing device`s identifier and manufacturer, the Windows version, the maker and model of the PC and other data.

It was found by the researcher that the unencrypted information fed to Microsoft by the initial and lowest-level reports, labeled "Stage 1" report, comprise a dangerous leak.

Although, error reporting can be disabled manually on a machine-by-machine basis or in large sets by IT administrators using Group Policy settings, Watson has recommended that Microsoft should encrypt all ERS data that is sent from consumer PCs to its servers.
Meanwhile, spokesperson for Microsoft said that Secure Socket Layer connections are regularly established to communicate details contained in Windows error reports, however, the company has acknowledged that Stage 1 reports are not encrypted.

First Published: Monday, January 6, 2014 - 18:43
comments powered by Disqus