Researchers at Websense, a San Diego-based company specializing in computer security software, have reported that the Microsoft’s error and crash reporting system for Windows is “prone to hacking” – allowing attackers to use “unencrypted data” as an opportunity to “refine and pinpoint their attacks“, according to a recent article published by Zee News India.
Alex Watson, director of threat research at Websense, was reported in the article to say that the collected information would give the hacker “significant advantage and give them a blueprint of the targeted network.” In the article, Watson explains further by saying that “Microsoft does not encrypt the initial crash reports.” According to the article, these include two types of Microsoft crash prompts: (1) reports that prompt the user before they’re sent, and (2) reports that do not where the data is sent to Microsoft’s servers “in the clear“, or over standard HTTP connections.
The article indicates that these error reports contain a “wealth of information on the specific PC” which can be used to gain access to a number of private entrances of the user. As the article explains by an example, if an iPhone user connects their phone to “sync with iTunes” this prompts the generation of an “automatic report” which is then sent directly to Microsoft. This report contains the “identifier and manufacturer” of the device, and as the article indicates, “the Windows version, the maker and model of the PC and other data.” According to the article, Websense discovered that “unencrypted information fed to Microsoft by the initial and lowest-level reports, labeled ‘Stage 1’ report, comprise a dangerous leak.”
In an added note, according to the article, other reports indicate that the National Security Agency (NSA) “collected Windows crash reports from its global wiretaps to monitor details of targeted PCs” – as revealed recently by Der Spiegel, the German news magazine.