any network is set to public by default since it's a recommended setting, public networks have stricter policies, private networks require more setup and customization though
If all else fails buy a reverse SMA (or appropriate) connector and wire a short straight across it. My PC doesn't see the AP right next to it with this fitted. Also, most Windows builds won't enable WiFi if a connected RJ45 network exists.
Windows was never designed to be a server or network-attached OS. It was just supposed to be an isolated desktop OS to do stuff like writing letters, adding things and drawing pictures. Linux was built with networking from the ground up, is more secure, so is capable of doing the 'real' work of computing. Hence why the Linux kernel is used in servers, and most other devices.
what about Linux, Android, Linux, ChromeOS and iOS? they discovered wifi vulnerabilities there too, not this, but they too had and might still have wi-fi vulnerabilities.
@@STCatchMeTRACjRo I agree, everything can be hacked regardless, but windows is the most vulnerable due to its architecture once access has been gained by a hacker. Also, Linux is open source with more eyes on the code so vulnerabilities are fixed quickly.
@@robertjames4908 We know that’s not the case. A lot of the critical vulnerabilities have slept there unseen for a rather long time before getting found. Open source can be a mess, too.
@@RegrinderAlert Basically there are critical vulnerabilities everywhere. It's just that Windows Recall has made the critical vulnerability even more critical, in that when you are hacked more critical information can be siphoned off. Leading to a critical collapse in the hackee's finances, personal life and everything else.
As a minor matter, no, bank web sites were always https, even at the beginning. They probably had lots of problems, but encrypted login was the norm. Unlike the rest of the web.
I don't use wi-fi on my workstations or servers, 98% of my house is Cat 5e wired (eventually Cat 6e), a jack in every room, stable and reliable and unjammable by thieves running around with signal jammers to jam wi-fi cams and alarm systems.
Windows 11 is the most unwanted sys, it takes several hours to disable unwanted features, it's not only packed with spyware and keyloggers. On top of all that w11 is ugly compared to w8 or w10....it has no soul....you might as well go linux cuz that's the quality you get these days anyway
Spectre / Meltdown, unfixable. Exists in all Intel and most AMD CPUs. Bounds check bypass (CVE-2017-5753), Branch target injection (CVE-2017-5715), Rogue data cache load (CVE-2017-5754)
So am I wrong to be worried that this flaw is potentially in every WiFi enabled device like say a cell phone. I think we really need to know if this is a potential issue in Android and iOS
not this flaw but they too have their own flaws "Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices". iOS too has its own wifi flaw as well. of course all this gets patched up, so if your devices are up to date then these flaws are no more. of course new flaws might get discovered with time.
Finally someone on RUclips telling people that you don't necessarily need a VPN when using public Wifi. I use public Wifi a lot, and the only times I use VPN is when I actually need to connect to something not public, like the network of my employer or my network at home to access my NAS. (My modem/router fortunately has this capability). I guess we will never see a video sponsored by the usual VPN companies on this channel... 😅
When everything is "connected", well, everything is connected. 😕 The only way society could truly be "secure" would be for it to go WAY back to the days when computers were standalone, unconnected, one-user devices. But that ain't gonna happen, obviously.
Well maybe ? I've been in the (computer) business since storage was huge tape drives. I have two workstations with no network connection for secure work. All comms is on encrypted drives sent by Snail Mail or hand delivered. I don't think this is all that uncommon in commercial life (eg. aerospace) and certainly not in military.
In many cases Windows is unable to even establish a Wi-Fi connection where other OS such as Linux can do it easily on the exact same machine. Had this issue on a bunch of laptops that came with Windows pre-installed. Wiped the drive, installed Linux, and it works perfectly.
Have I been compromised?! Noticed my SSIDs were no longer available when I got home yesterday. Noticed that the default WAP info (sticker on back of router) was now available. I ended up connecting to that out of necessity.
Is it your router or your ISP's router? Sounds like someone reset it. And dear god I hope you are not still using WAP. Didn't think that protocol even came in modern equipment.
@@jamieamc I take it that you haven't been a programmer for many years and/or don't care about open source and/or don't care about anti-competitive corporate behavior.
So if a PC only had Ethernet it wouldn't be vulnerable being connected to a WiFi router? It would need a WiFi card and be connected over WiFi instead of Ethernet?
What most people do not realize is that there is no key exchange within WPA2-PSK. When you use WiFi with only an SSID and a passphrase, everyone connected to that WiFi using that same passphrase "knows" the key all the others are using, because the key is just a hash of the passphrase. So even when the WiFi is encrypted, you can still listen in on all other users' traffic when everyone uses the same SSID+passphrase, as is usually the case in settings like "internet cafe provided WiFi" (SSID and password are published to everyone present there). The way around this is to use either WPA2-EAP or WPA3-PSK (or -EAP), where this defect has been fixed. Unfortunately neither are very common. WPA3 also encrypts the management frames.
@@forbidden-cyrillic-handle Couldn't even get it to boot up.. Crashed repeatedly. Eventually found the serious bug by developer but by then I was long gone. Never had Windows do that.
this is really cool because I actually just took the stance years ago that I personally just do not know enough about wifi and potential security risks and is one of the few things i aggressively agreed on with some of my older more conspiracy driven computer nerd friends at the time lol. I can't pretend like I know enough to say what is happening but I know for a fact I don't know, so I don't mess with it. Always a lan connection on a pc and do what I can to avoid mobos with wifi. It's the only peace of mind I have for real security on this computer is that I can unplug my switch if i really have to. always a heckin interestin video.
Hey there. Are you aware of CVE's tied to XORG running as part of desktop Linux sharing keypress with ALL running apps? In an XORG Linux desktop VM, install xinput, run xinput, NOT as root, in test mode in a terminal, open another terminal, a notepad, a calc, and a browser. With xinput in test mode it will capture all keypresses. The note in notepad, the calculations in your calc, your financial account in your browser, and your sudo pw in the second terminal. Wayland supposedly gets around this but with Linux on X every nonprivileged app running can read EVERY keypress. No NPU required on XORG Linux to capture your data.
I got so mad at Microsoft that now my thinkpad t14 runs Hackintosh, it runs terribly bad as much as it is acceptable, and I use windows only on the built desktop. I chose this path because Hackintosh it's really very fucked up linux without a native packet manager but has support for almost all programs I have on the desktop. I'll switch to linux when it will have enough windows programs running natively or Wine actually gets better. Until that day, I'm running this weird configuration.
Wouldn't a solution be to have the computer only scan/interact with non connected Wi-Fi networks if you the user run a "scan now" function and stop after either you connect to a network or the service times out. Then while dormant the computer just ignores any attempts to handshake/communicate with it. At the very least you'd only be vulnerable in the small network scan window.
Your theory about the Wi-Fi bug is outstanding. Far too many people on RUclips and in the media the brand is that sells as experts have almost zero programming for security knowledge.. they just pair it what they read on some website with it was written by someone who also doesn't know what they're talking about
This bug also allows a hostile actor to take over the connection thereby disguising themselves as the target machine and allowing nefarious actions which look like they're coming from the target machine instead of the hacker's box. It's also a way to get free WiFi in that one can disguise themselves as a logged in user without any authentication. The router simply assumes that the traffic is coming through the authenticated machine instead of the attacking machine or threat actor in this scenario. This has been a bug since XP was big news. It surprises me that it's taken this long to come out. Us red hats have been using it for literally decades...
To your discussion on public WiFi, don't use public WiFi, folks! Not same as this bug, but my phone got infected simply from connecting to a public network. I hadn't opened any pages at all, just connected and then my phone started opening this abandoned russian gaming site that hadn't had new articles in months. The phone would just open it randomly while not browsing anything.
If in your own home with more than one computer and using Wifi through your ISP and their router is it best to have it set as Public or Private? Which by the way states "Connected, Secure". By default it's selected Public and (recommended). In order to not be on Wifi each person would need to have their own separate Router to have connection by Ethernet?
The thing about Recall is that literally no one asked for it. They're just shoehorning in AI into an OS to make their Open AI investment worth it. Meanwhile, for most of us, it just bloats up the OS. And introduces security vulnerabilities...
I think you're mistaken about if people want a function like this or not. It would probably be very useful for most people, so the idea itself isn't bad. But the version that was shown was horribly flawed and with the potential huge risks involved, I'm not sure it should ever be released. But the function itself is probably wanted by many.
@@Thor6398-jt4mb You might be right about that - I'm definitely in a social bubble of privacy-minded, tech-wary people. I heard about Recall and thought "So Microsoft just wants to farm more of my data? Hell no." But I imagine that an average grandma using a computer wouldn't care.
Doesn't it mean you have to be in Wi-Fi range of the target device? For people who live in large cities, especially at or close to street-level of high-traffic areas, this is BAD. Like real, real bad.
Basically every major company implements things with the possibility of vulnerabilities. Safety really isn't a concern when you're rocking massive frameworks that are difficult to debug let alone understand.
All software ends up having vulnerabilities that need to be fixed. That's neither surprising, nor something we can really blame anyone for. It's pretty much unavoidable. However, it's exactly why the Recall thing was such a nightmare.
9:53 I think I'd rather just remove my wifi card or carry around a raspberry pi to use as an external wifi receiver and router. Modern Microsoft software is malware.
I would rate that CVE at 9.8/10 due to a 0 day exploit that takes over a router remotely, subsequently allowing the attacker to execute the RCE management packet which can compromise the victim system.
I am currently failing to successfully google a noob-friendly answer to the question: Is any alternative Windows program for Outlook safe? And if so which ones?! 😢
Can a researcher, such as yourself, not compare the binaries to decipher what is different? Or simply debug the operation of each driver? Or disassemble the binaries and diff the two code sets?
I’m guessing it must be a subset of the management frames, some of them require the protocol state machine to be in a particular status. If this is the case and there is no weird stuff in the WiFi driver, probably beacon or action frames could be the ones used to trigger the vulnerability.
Recall actually forced me into Linux Mint, and the fact I have managed to run every game I wanted (Save some with anti-cheat) and find free open source alternatives to all my programs makes me feel satisfied with my choice
wanna learn to code in C or assembly? check out lowlevel.academy and use code THREADS20 for 20% off lifetime access. or dont. im not a cop
Just wanted to say it’s been 20 min and there’s no comment nor like under a pinned comment. Have a good day Mr Hacking Guy :)
no.
nope
if you were a cop that would give me less of a reason to lol
why should i learn it? any good reason?
recall got recalled LOL
yes i am aware it was not completely "recalled", however it is really funny to think about how fast they went "oh shit" and had to rework the way its rolled out :p
YEP
foreshadowing at its finest
@@Possseidon they thought through the name. Meta
theory: they planned this for clout
Really? What happened?
So basically we almost got into a situation where anyone within WiFi can just walk into your Windows PC with everything you've recently done laid out in a transcript with screenshots attached...?
Absolutely terrific. I'm glad im paying $350 / year for that stability 🙄
Yes.
Yes.
Not ‘Almost’
Yes.
Between this and the zero-click Outlook vulnerability they're having a very bad week.
Havent seen the outlook one, does it affect the desktop client or the OneOutlook (web) one?
@@feefre Desktop client, they just pushed a patch for it a few days ago.
Link or CVE number?
@@JaredJeyaretnam CVE-2024-3010
It's funny that the bounty for a zero click outlook vulnerability got bumped to $400k recently...
Moreover, by the list of affected products on that page, this vulnerability is in every system from Vista and on. And they don't release updates for old consumer systems, only server ones. So any computer with non-server Windows Vista,7,8,8.1 that has equipped and enabled Wi-Fi module has one more unpatched hole.
If it is bad enough, they have been known to occasionally release patches for Windows versions beyond end of life.
@@piisfun like Windows XP! (cough cough Wannacry)
I hope there is a patch for previous versions if they are affected. Retro computing is a thing after all.
Guess I'll be moving my 7 machine to XP then.
back in the day I used to snoop the 2.4GHz wifi data just for kicks. and with an outside antenna with about 20ft of height I was able to snoop on stuff up to 1 mile away. So with this kind of set up you don't need to be "next" to someone to exploit. in theory with my old setup I could exploit every windows machine within a mile of me.
My favorite thing was replacing images on webpages people were loading around you by responding to the http request faster than the server. Another favorite was i had a screensaver that just loaded images loaded by other people on the network. The amount of porn that would generate on a college campus was amazing.
@@Cynyr Just fyi I'm 90% sure that's a felony (sending the fake http packets) if you're in America my dude
@fernycl Don't worry it happened way before the cyber police was invented
“Adjacent,” is relative
Reminds me of when my isp had netbios and smb open on their site switches. I could mount my neighbor's c partitions by guessing ip addresses. 😂😂
Paraphrasing, “All sites had HTTPS by 2010 or so.”
I sure wish that was true, but I had to convince people, professionally, up until about 2016 or later that it was important. I know people with viable businesses who still host their marketing website with no encryption.
How lol since browsers added warnings every normie will think their site is a virus
@@theairaccumulator7144 I’m not here to convince you
And we had to pay for them!
Sites don't need encryption when there's no login.
There is no excuse to not use https in 2024. It is a red flag.
a CHINESE cyber security company warned the American company about this crazy security vulnerability.
The turn tables of the century
It's funny that someone in China really cares about international security, even if they could exploit it.
@@septanesium Rich Evans: “O how the Turn chables have chabled”
Turns out Chinese people aren’t a homogenous evil blob that hate America and aren’t constantly plotting their downfall… gasp 😮
I seem to remember that they're mandated to inform the government first. It probably means it wasn't very useful.
Don't forget the PHP vulnerability, that only affects Windows.
Who asked for Recall? Like who are they marketing it for? What was their plan? I am kinda confused at where they are going as far as windows.
Except for the screenshots, this information has been increasingly available to those in the know since Windows XP. They're just making it easier for users to access.
You don't know where Microsoft is going with Windows? Do you ever look up this information?
Actually, if the hacker has a high gain antenna, he doesn't have to be that close.
WiFi connected through a parabolic dish has been used to communicate several MILES across the Strait of Gibraltar. Wikipedia says it is 8.1 miles or 13 kilometers, but the dishes used were far above the water, which adds to the distance. But you don't want your dish to wobble at all when trying to receive a distant signal in a world often FILLED with WiFi equipment. All that other equipment can easily drown out the desired signal once it is off-axis. Other equipment NOT so far away is even more likely to drown out a distant signal, despite the directionality and RF gain of a dish antenna. Lastly, the ground itself becomes an impediment, as the Fresnel zones between distant line-of-sight antennas run into the ground and get absorbed. That will provide SOME security for distant unpatched 'Winblows' systems. *Overall, we once again see that Windows has all the security of an OPEN WINDOW.*
Gotta love the Microsoft AI ad in the background around 5:34 that literally advertises Recall
So, correct me if I'm wrong, but if your computer has no WiFi chip, and it is connected to the Internet through an Ethernet cable, this attack won't work?
That should be correct.
Without details impossible to say for sure, but if it's not transmitting data thru wifi then it should not be possible to exploit it thru wifi either. So just having wifi off should be enough with the details known.
Yes.
It's also avoidable if you ditch Windows 😮
When I first read about the vulnerability, I had the same question. I guess that it’s a good thing I never bothered buying a wifi card.
Seeing these vulnerabilities I just have to wonder, how many undiscovered ones are there, still waiting to be found?
A lot. The people that make any software or hardware are human, and can make mistakes.
That, and since it's absolutely proprietary in most cases it's harder for the average programmer to find and patch bugs.
Windows ~3k, Linux ~8k discovered vulnerabilities. i would say few thousand vulnerabilities not yet discovered on windows.
@@STCatchMeTRACjRo it seems weird at first that linux has 8k, but that's because it's open and we can find vulns faster lol
@@gonderage i know.. thats why i say linux is secure. more vulnerabilities discovered == more patches == more fixes == more secure; more likely
.
Thank you for your time. I'm new to these concepts and topics but everything is so interesting. Love knowledge, again appreciate you man and get better !
thank you!
the cvss you were talking about also makes it sound like it's a very *stable, reliable* exploit, as well.
Plot twist: It was actually a complimentary feature to Recall to make it easier to steal user data. They wanted it to be a walk in the park, hence the low attack complexity.
Me: Immediately going to update Windows after reading the title and thumbnail. lol.
thx for the reminder
Not a problem if you don't use windows
@@ninjameep8616 or wifi
Doing it over WiFi?
Mine keeps getting an error
This combined with the millions of infected routers and people disabling security updates and/or still being on windows 7 is going to do some serious damage
People wouldn't have such a negative Pavlovian response to updates if Windows and the NT kernel didn't manage it so poorly
I love the kinda people who forcefully stay on Windows 7 (excluding those who need it because of niche hardware or software or something), because from what I've heard upkeeping it is worse than just learning to use Linux. Hell, by now you'd probably get better software support there than on Win7
@@maybenat One of those is a friend of mine. Hates change, as you'd imagine
I've told him as much
@@RadikAlice Just pirate a Windows 10 LTSC iso then, you can hash the iso and compare it to a genuine hash, and use MAS to activate it with an LTSC IoT key. No feature updates, only security and stability ones and it's going to be supported until 2032. And still more secure to use an open source activator than to disable updates.
despite this vid, im not updating my windows. why the f would i install more telemetrics and spying on my computer.
replace a bug that MIGHT get me spied on versus updating and DEFINITELY getting spied on lol
Another important action you can take to protect yourself from the WiFi vulnerability is to disable your WiFi when you aren’t using it.
I think it's the best advice when you keep everything updated.
That vulnerability is not even in the wild. We don't even know what it is or how to exploit it. And there shouldn't be someone 30 ft away from you trying to get into your computer for all the unimportant stuff you got in there.
microsoft pls hire me, i could have told you recall was dogpoop before you even started making it.
The Recall recall as part of the overall plan, imo. Announce something fiery, show customer sensitivity by removing it, all the while sliding in the true choke hold. Microsoft is a one-trick pony and this is it.
What is the true choke hold?
And what one trick is the pony Microsoft doing?
@@SpaceCadet4Jesus That comment was just made by a Microsoft hater. If you ask me, bing copilot is the most useable search engine right now. I avoid the parent company of this website like the plague
"It's been a rough week for Microsoft". You know, ya just love to hear it.
Appreciate how you've broken down the potential pitfalls of this vulnerability and given a clear understanding of why this is such a big deal.
A low level wi-fi vulnerability could be a 10 if it's wormable, because it may spread between Windows hosts on different wireless networks.
great recall ad at 5:28
Microsoft itself is an advertisement for linux
I guess the more popular Linux becomes the hackers will be sharpening up their Linux compromise tools…. Best to stay somewhat under the radar 🤓
Linux servers are basically the default and extremely valuable targets. There's already a lot of effort towards hacking and malware for linux.
Maybe so. Linux is just as easy to hack, however. Remember Windows (since NT), OSX, Linux, Android, iOS, etc all are derivatives of the same kernel written decades ago.
@@Name-cs5kv - I thought as much. My comment was really aimed at the smug people that think that moving to Linux is somehow an automatic defence against bad actors. The more Linux is successful on the desktop the more it becomes vulnerable to attack.
As if linux was not vulnerable
Damn this gives memories of Wannacry and EternalBlue
yep, thats probably why they didnt give details.
Yea it's wormable you can get to airgapped machines with wifi adaptors.
Way ahead of you, I updated my computer to Linux a couple months ago.
i always name my bluetooth and wifi devices to have format strings in them. i have found a few format string vulnerabilities this way lol
As a programmer, I hate you. As a cybersecurity type: good one!
Thanks for updating us on these vulnerabilities, always nice to get these videos recommended relatively quickly
I don't buy that MS is staying silent for the public good. If they cared about the public good, they'd patch Windows XP through 8. It's probably just to save face, avoid headlines like "every Windows laptop sold in the past 20 years can be hacked by unseen passers-by," which is what this seems to be.
If only they spent as much time as they've been shoving AI in our mouths into working on actual security issues...
Another risk of being on public Wi-Fi even when you're using an SSL is that someone can arp spoof your connection through theirs and then possibly knock you off with an HTTPS website onto HTTP using HSTS hijacking
arguably, it’s always a rough week for microsoft
The concept of Linux is growing on me.
You totaly should switch to Linux
Go for it. You'll get used to it eventually.
@@toxicbavariankitten you have old thinkpad vibes
If you want to do that, go for it.
But don't be fooled into thinking that your computer is suddenly way more secure. It might not have this vulnerability, but you may well need to put more effort in to secure it.
@@toxicbavariankitten disgusting
Saw this coming, Windows' wifi driver has always randomly failed for seemingly no reason. That's a tell-tale sign of an over/underflow.
The most likely bug in the parser for management frames is in the handling of TLV (type-length-value) elements in such frames.
This is an ever recurring problem: code to unpack TLV data often does not handle excessively large length values, or even negative ones (when the length field is not handled as unsigned by the code).
I bet this is another case of such a bug.
What surprises me is that after all those iterations of "this version of Windows is the most secure one we ever released" (a recurring claim by Microsoft when the version number has been bumped), there still has been no comprehensive analysis of this type of software all across the Windows OS.
It should be possible to give some group of good programmers inside the company access to all source code and let them hunt for TLV handling and scrutinize it.
Apparently not a priority inside Microsoft.
I was gonna comment this too, since I actually write such code. I do this in rust, where it's less of an issue, but a lot of elements are a complete nightmare to parse like the RSN element.
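The length checks discussed in the two comments above, as an added example (not code from the commenters, the video, or any Windows driver). It parses 802.11-style elements (1-byte ID, 1-byte length, value) strictly, and models in Python what happens when a C parser reads the length byte as signed; all function names and sample buffers are constructed for illustration.

```python
import struct

SSID_ID = 0      # 802.11 element ID of the SSID element
SSID_MAX = 32    # longest SSID the standard allows

class MalformedElement(ValueError):
    """Raised when an element cannot be parsed safely."""

def parse_elements(buf):
    """Strictly parse TLV elements: 1-byte ID, 1-byte length, then the value."""
    elements, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise MalformedElement(f"truncated header at offset {off}")
        eid, length = buf[off], buf[off + 1]   # indexing bytes yields 0..255 (unsigned)
        off += 2
        remaining = len(buf) - off
        if length > remaining:                 # declared length runs past the frame
            raise MalformedElement(
                f"element {eid}: length {length} exceeds {remaining} bytes left")
        if eid == SSID_ID and length > SSID_MAX:   # per-element semantic limit
            raise MalformedElement(f"SSID length {length} exceeds {SSID_MAX}")
        elements.append((eid, buf[off:off + length]))
        off += length
    return elements

def signed_length_pitfall(length_byte, cap=SSID_MAX):
    """Model a C parser that stores the length in a signed char, checks
    `len <= cap`, then passes it to a copy routine taking a 64-bit size_t."""
    (as_signed,) = struct.unpack("b", bytes([length_byte]))
    passes_check = as_signed <= cap      # negative values slip under the cap
    copy_size = as_signed % 2**64        # implicit conversion to unsigned size_t
    return passes_check, copy_size

def check(buf):
    """Return None for a well-formed buffer, else the reason it was rejected."""
    try:
        parse_elements(buf)
        return None
    except MalformedElement as exc:
        return str(exc)

# Constructed sample buffers (not captured traffic).
GOOD = bytes([0, 4]) + b"cafe" + bytes([1, 2, 0x82, 0x84])
OVERRUN = bytes([0, 0xF0]) + b"cafe"       # claims 240 bytes, only 4 present
LONG_SSID = bytes([0, 40]) + b"A" * 40     # fits the frame, breaks the SSID limit
TRUNCATED = GOOD + bytes([3])              # lone ID byte with no length

if __name__ == "__main__":
    for name, buf in [("GOOD", GOOD), ("OVERRUN", OVERRUN),
                      ("LONG_SSID", LONG_SSID), ("TRUNCATED", TRUNCATED)]:
        print(name, "->", check(buf) or "ok")
    print("length byte 0xF0 read as signed:", signed_length_pitfall(0xF0))
```
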
Can u cite your source for 1 vuln for every 1000 loc? It would be really interesting to read that
just write 1000 lines of C and post it on here and we will show you. pastebin
clarification, Windows runs the world of Desktop computing. Not the world of server computing. Most servers run linux.
what big server uses wifi?
So does this mean I should try Mac and forget about Microsoft? They seem stupid and negligent. So much for experts.
Switch to Linux, it's secure and free on the contrary to Apple.
This one aged like a wine
Who needs backdoors, when you leave Windows open?
any network is set to public by default since it's a recommended setting, public networks have stricter policies, private networks require more setup and customization though
I do wonder if the WiFi can be shutoff to avoid this bug or how older systems that can't be updated easily can avoid this issue.
Pull out your wifi card
Older systems often have a physical switch to enable/disable the WiFi, and otherwise at least a setting in the BIOS SETUP.
If all else fails buy a reverse SMA (or appropriate) connector and wire a short straight across it. My PC doesn't see the AP right next to it with this fitted.
Also, most Windows builds won't enable WiFi if a connected RJ45 network exists.
@@Rob2 Also allows you to from any installed hardware, including WiFi cards.
@@adrianandrews2254 I don't think that will work anymore in Windows 10 or 11. It will just download a new driver.
I can smell the sweat emitting from the Linux nerds, thinking they're safe from hackers, when in reality, they are just as vulnerable
If this bug is at the kernel level, I assume that running in a virtual machine session would not offer any protection, correct?
Windows was never designed to be a server or network-attached OS. It was just supposed to be an isolated desktop OS to do stuff like writing letters, adding things and drawing pictures. Linux was built with networking from the ground up, is more secure, and so is capable of doing the 'real' work of computing. Hence why the linux kernel is used in servers, and most other devices.
what about Linux, Android, Linux, ChromeOS and iOS? they discovered wifi vulnerabilities there too, not this, but they too had and might still have wi-fi vulnerabilities.
@@STCatchMeTRACjRo I agree, everything can be hacked regardless, but windows is the most vulnerable due to its architecture once access has been gained by a hacker. Also, Linux is open source with more eyes on the code so vulnerabilities are fixed quickly.
@@robertjames4908 We know that’s not the case. A lot of the critical vulnerabilities have slept there unseen for a rather long time before getting found. Open source can be a mess, too.
@@RegrinderAlert Basically there are critical vulnerabilities everywhere. It's just that Windows Recall has made the critical vulnerability even more critical, in that when you are hacked more critical information can be siphoned off. Leading to a critical collapse in the hackee's finances, personal life and everything else.
guess im not booting into windows for a bit
I think turning off the wifi should be safe. Though it may not be a viable option for most people.
@@superneenjaa718 or just update
the fix was released days ago. You need to boot into windows to install it.
if by "bit" you actually mean "ever", then yes, you're correct
@@user-to7ds6sc3p fix for this but what about the other vulnerabilities?
As a minor matter, no, bank web sites were always https, even at the beginning. They probably had lots of problems, but encrypted login was the norm. Unlike the rest of the web.
So, this is reason #6291 not to use Windows, right? It's been over ten years since I have used Windows! I am now a heavily confirmed Linux user!
so edgy
I don't use wi-fi on my workstations or servers, 98% of my house is Cat 5e wired (eventually Cat 6e), a jack in every room, stable and reliable and unjammable by thieves running around with signal jammers to jam wi-fi cams and alarm systems.
You can easily create a small "jamming alarm" with a simple ESP32 😏 When the connection is lost, start the alarm, and stop it when it's back online.
@@mathieucaron4957 You could, if you're tech savvy, but if you reboot your wi-fi router, it may go off... unless it has a reasonable delay.
Windows 11 is the most unwanted sys, it takes several hours to disable unwanted features, it's not only packed with spyware and keyloggers. On top of all that w11 is ugly compared to w8 or w10... it has no soul... you might as well go linux cuz that's the quality you get these days anyway
Spectre / Meltdown, unfixable. Exists in all Intel and most AMD CPUs. Bounds check bypass (CVE-2017-5753), Branch target injection (CVE-2017-5715), Rogue data cache load (CVE-2017-5754)
So am I wrong to be worried that this flaw is potentially in every WiFi enabled device like say a cell phone. I think we really need to know if this is a potential issue in Android and iOS
not this flaw, but they too have their own flaw: "Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices". iOS too has its own wifi flaw as well. of course all this gets patched up, so if your devices are up to date then these flaws are no more. of course new flaws might get discovered with time.
Finally someone on RUclips telling people that you don't necessarily need a VPN when using public Wifi. I use public Wifi a lot, and the only times I use VPN is when I actually need to connect to something not public, like the network of my employer or my network at home to access my NAS. (My modem/router fortunately has this capability).
I guess we will never see a video sponsored by the usual VPN companies on this channel... 😅
Thank God. Misinformation abounds.
When everything is "connected", well, everything is connected. 😕 The only way society could truly be "secure" would be for it to go WAY back to the days when computers were standalone, unconnected, one-user devices. But that ain't gonna happen, obviously.
Well maybe ? I've been in the (computer) business since storage was huge tape drives. I have two workstations with no network connection for secure work. All comms is on encrypted drives sent by Snail Mail or hand delivered. I don't think this is all that uncommon in commercial life (eg. aerospace) and certainly not in military.
In many cases Windows is unable to even establish a Wi-Fi connection where other OS such as Linux can do it easily on the exact same machine. Had this issue on a bunch of laptops that came with Windows pre-installed. Wiped the drive, installed Linux, and it works perfectly.
Have I been compromised?! Noticed my SSIDs were no longer available when I got home yesterday. Noticed that the default WAP info (sticker on back of router) was now available. I ended up connecting to that out of necessity.
Is your router or your ISP's router? sounds like someone reset it. And dear god I hope you are not still using WAP. Didn't think that protocol even came in modern equipment.
Yep you've been hacked, sucker. Thought you were safe but you're not. Now I have all your information.
I hate Microsoft with a burning passion..
Odd thing to be passionate about
@@jamieamc I take it that you haven't been a programmer for many years and/or don't care about open source and/or don't care about anti-competitive corporate behavior.
definitely followed on twitch. the amount of no bs on this channel is unmatched for RUclips IT category standards
So if a PC only had Ethernet it wouldn't be vulnerable being connected to a WiFi router? It would need a WiFi card and be connected over WiFi instead of Ethernet?
wild to play ads in the browser while recording, next level adblock avoidance.
and there is an ad for recall in the wpa3 article, how ironic.
What most people do not realize is that there is no key exchange within WPA2-PSK.
When you use WiFi with only an SSID and a passphrase, everyone connected to that WiFi using that same passphrase "knows" the key all the others are using, because the key is just a hash of the passphrase.
So even when the WiFi is encrypted, you can still listen in on all other users' traffic when everyone uses the same SSID+passphrase, as is usually the case in settings like "internet cafe provided WiFi" (SSID and password are published to everyone present there).
The way around this is to use either WPA2-EAP or WPA3-PSK (or -EAP), where this defect has been fixed. Unfortunately neither is very common.
WPA3 also encrypts the management frames.
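The WPA2-PSK key derivation behind the comment above, as an added example (not from the commenter or the video). The pairwise master key comes only from the passphrase and SSID, and the per-session key adds only the two MAC addresses and two nonces that the handshake sends unencrypted, so every holder of the passphrase can compute the same session key; the function names, MAC addresses and nonces are constructed for illustration.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Pairwise transient key for CCMP (48 bytes: KCK, KEK, TK).
    Every input besides the PMK is sent unencrypted during the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

# Constructed sample values (locally administered MACs, dummy nonces).
SSID, PASSPHRASE = "cafe-guest", "posted-on-the-wall"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

def station_key():
    """Key the legitimate station and the access point agree on."""
    return ptk(pmk_from_passphrase(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)

def other_client_key(passphrase):
    """Key another client derives from its own copy of the passphrase plus the
    MACs and nonces it can observe on the air during the handshake."""
    return ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    print("same passphrase, same session key:",
          other_client_key(PASSPHRASE) == station_key())
    print("wrong passphrase, same session key:",
          other_client_key("not-the-passphrase") == station_key())
```

WPA2-EAP gives each client its own master key, and WPA3's SAE handshake derives it from an exchange that knowing the passphrase alone does not reproduce, which is why the comment points to them as the fix.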
im disappointed that you didn't mention the kernel object race condition privilege elevation vulnerability
Similar to eternal blue vuln but on the data link and physical layer?
Imagine someone hacking your computer via WIFI ACE Exploit just to say "hey, wanna date? I'm the person behind you 😘" in a message box
since windows 10 is just windows 7 with unwanted bullshit attached, can we apply the ten fix to windows 7 somehow?
How can we protect ourselves? - We can install Linux!
No, thanks. Done that, repeated crashes, un-installed.
@@forbidden-cyrillic-handle Couldn't even get it to boot up.. Crashed repeatedly. Eventually found the serious bug by developer but by then I was long gone. Never had Windows do that.
just like i thought, recall got recalled. excellent job microsoft ...
Damned if you do, damned if you don't.
Glad I switched over to Linux.
this is really cool because I actually just took the stance years ago that I personally just do not know enough about wifi and potential security risks and is one of the few things i aggressively agreed on with some of my older more conspiracy driven computer nerd friends at the time lol.
I can't pretend like I know enough to say what is happening but I know for a fact I don't know, so I don't mess with it. Always a lan connection on a pc and do what I can to avoid mobos with wifi.
It's the only peace of mind I have for real security on this computer is that I can unplug my switch if i really have to.
always a heckin interestin video.
Hey there. Are you aware of CVE's tied to XORG running as part of desktop Linux sharing keypress with ALL running apps? In an XORG Linux desktop VM, install xinput, run xinput, NOT as root, in test mode in a terminal, open another terminal, a notepad, a calc, and a browser. With xinput in test mode it will capture all keypresses. The note in notepad, the calculations in your calc, your financial account in your browser, and your sudo pw in the second terminal. Wayland supposedly gets around this but with Linux on X every nonprivileged app running can read EVERY keypress. No NPU required on XORG Linux to capture your data.
LOL those recall ads in the background
Seems Linux is safe about this attack?
Interesting video btw!
I got so mad at Microsoft that now my thinkpad t14 runs Hackintosh, it runs terribly bad as much as it is acceptable, and I use windows only on the built desktop. I chose this path because Hackintosh it's really very fucked up linux without a native packet manager but has support for almost all programs I have on the desktop. I'll switch to linux when it will have enough windows programs running natively or Wine actually gets better. Until that day, I'm running this weird configuration.
Wouldn't a solution be to have the computer only scan/interact with non connected Wi-Fi networks if you the user run a "scan now" function and stop after either you connect to a network or the service times out. Then while dormant the computer just ignores any attempts to handshake/communicate with it. At the very least you'd only be vulnerable in the small network scan window.
Your theory about the Wi-Fi bug is outstanding. Far too many people on RUclips and in the media the brand is that sells as experts have almost zero programming for security knowledge.. they just pair it what they read on some website with it was written by someone who also doesn't know what they're talking about
This bug also allows a hostile actor to take over the connection thereby disguising themselves as the target machine and allowing nefarious actions which look like they're coming from the target machine instead of the hacker's box. It's also a way to get free WiFi in that one can disguise themselves as a logged in user without any authentication. The router simply assumes that the traffic is coming through the authenticated machine instead of the attacking machine or threat actor in this scenario. This has been a bug since XP was big news. It surprises me that it's taken this long to come out. Us red hats have been using it for literally decades...
To your discussion on public WiFi, don't use public WiFi, folks! Not same as this bug, but my phone got infected simply from connecting to a public network. I hadn't opened any pages at all, just connected and then my phone started opening this abandoned russian gaming site that hadn't had new articles in months. The phone would just open it randomly while not browsing anything.
If in your own home with more than one computer and using Wifi through your ISP and their router is it best to have it set as Public or Private? Which by the way states "Connected, Secure". By default it's selected Public and (recommended). In order to not be on Wifi each person would need to have their own separate Router to have connection by Ethernet?
Great stuff, Ed. Keep it up. Love your style!
Imagine the same WIFI vuln but on mobile phones instead of windows.
This Wi-Fi vulnerability sounds pretty similar in nature to a Bluetooth vulnerability from a few years ago that abused the advertisement feature
The thing about Recall is that literally no one asked for it. They're just shoehorning in AI into an OS to make their Open AI investment worth it.
Meanwhile, for most of us, it just bloats up the OS. And introduces security vulnerabilities...
I think you're mistaken about if people want a function like this or not. It would probably be very useful for most people, so the idea itself isn't bad.
But the version that was shown was horribly flawed and with the potential huge risks involved, I'm not sure it should ever be released.
But the function itself is probably wanted by many.
@@Thor6398-jt4mb You might be right about that - I'm definitely in a social bubble of privacy-minded, tech-wary people. I heard about Recall and thought "So Microsoft just wants to farm more of my data? Hell no."
But I imagine that an average grandma using a computer wouldn't care.
Doesn't it mean you have to be in Wi-Fi range of the target device? For people who live in large cities, especially at or close to street-level of high-traffic areas, this is BAD. Like real, real bad.
Nobody will be firing this out in a big city. Way to get busted lol
Exactly.
@@theairaccumulator7144 You're saving my life right now ;)
Basically every major company implements things with the possibility of vulnerabilities. Safety really isn't a concern when you're rocking massive frameworks that are difficult to debug let alone understand.
All software ends up having vulnerabilities that needs to be fixed. That's neither surprising, nor something we can really blame anyone for. It's pretty much unavoidable.
However, it's exactly why the Recall thing was such a nightmare.
it is almost a rough week for Microsoft almost every week. Their security is a colander. And they aren't secured at the file system.
New Technology File System 😂😂😂
Just in case !
Wpa3 is more better than wpa2!
If you have wpa2 if possible pls upgrade your router that you'll have wpa3🙃👍
9:53 I think I'd rather just remove my wifi card or carry around a raspberry pi to use as an external wifi receiver and router. Modern Microsoft software is malware.
It's an SSID buffer overflow. They leave 512 bytes for buffer. You just write more than 512 and bam, rce. Not hard at all.
I would rate that CVE at 9.8/10 due to a 0 day exploit that takes over a router remotely, subsequently allowing the attacker to execute the RCE management packet which can compromise the victim system.
1. Don't run windows
2. Don't use wifi
I am currently failing to successfully google a noob-friendly answer to the question: Is any alternative Windows program for Outlook safe? And if so which ones?! 😢
Can a researcher, such as yourself, not compare the binaries to decipher what is different? Or simply debug the operation of each driver? Or disassemble the binaries and diff the two code sets?
If you use ssl still then you might want to look into the TLS1.3
I’m guessing it must be a subset of the management frames, some of them require the protocol state machine to be in a particular status. If this is the case and there is no weird stuff in the WiFi driver, probably beacon or action frames could be the ones used to trigger the vulnerability.
Recall actually forced me into Linux Mint, and the fact I have managed to run every game I wanted (save some with anti-cheat) and find free open source alternatives to all my programs makes me feel satisfied with my choice