Windows error and crash logs send ample data back to Microsoft in the clear, without encryption, which could allow hackers and government agencies to spy on users.
Alex Watson, director of threat research at Websense, revealed through a blog post on Sunday that they have observed that Windows Error Reporting (a.k.a. Dr. Watson) sends out crash logs in plain text which “could ultimately allow eavesdroppers to map out vulnerable endpoints and gain a foothold within the network for more advanced penetration.”
Watson noted that every time a user plugs a USB-based device into their Windows system, the computer sends out information about the USB device, such as its manufacturer, identifier and device revision, and about the host computer, including default language, operating system and service pack, hardware manufacturer, model, BIOS version, etc., without any user intervention.
“While this information is no doubt critical for Microsoft to debug application crashes and hardware configurations, it can represent a significant information leak when it leaves an organization without being encrypted,” notes Watson.
Watson notes that by analysing the hardware change notification logs sent to Watson.microsoft.com and building lookup tables that map vendor IDs to product IDs, one can easily determine which particular phone was plugged into which laptop running which BIOS.
Watson further pointed out that ‘stage one’ crash reports are also sent out in the clear, and could reveal information such as application name, application library, computer make, operating system version along with service pack, etc. Such information, if collected through low-volume man-in-the-middle attacks at the ISP level, would allow the perpetrators to harvest valuable details about potential targets.
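From the defender's side, the practical question is which endpoints are sending crash telemetry out of the network over plain HTTP. The following is an added example, not code from Websense or the original article: it scans proxy log lines for unencrypted requests to watson.microsoft.com, groups them by source host, and pulls out any Windows PnP-style USB VID/PID that appears in the URL. The log format, the URL paths and the device IDs are constructed for illustration and are not the real report format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed proxy log lines (not real captures): "src_ip method url status".
# The paths are invented to illustrate the kind of data the article describes.
SAMPLE_LOG = """\
10.0.0.12 POST http://watson.microsoft.com/StageOne/Generic/PnP/USB%5CVID_0781%26PID_5567 200
10.0.0.12 POST https://watson.microsoft.com/dw/stagetwo.aspx 200
10.0.0.23 GET http://watson.microsoft.com/StageOne/explorer_exe/6_1_7601_17514/ntdll_dll 200
10.0.0.44 GET http://example.com/index.html 200
"""

# Hosts that receive Windows Error Reporting uploads (only the one named in the article).
WER_HOSTS = {"watson.microsoft.com"}

# Windows PnP device IDs for USB devices look like USB\VID_xxxx&PID_xxxx (hex IDs).
VID_PID = re.compile(r"VID_([0-9A-Fa-f]{4}).*?PID_([0-9A-Fa-f]{4})")


def cleartext_wer_reports(log_text):
    """Return {src_ip: [finding, ...]} for every plaintext (http://) request to a WER host.

    Each finding records the URL and, when a USB VID/PID is visible in it, the
    (vid, pid) pair that an eavesdropper on the path could have read as well.
    """
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip it
        src, url = parts[0], parts[2]
        u = urlsplit(url)
        if u.scheme != "http" or u.hostname not in WER_HOSTS:
            continue  # encrypted (https) or not a crash-report destination
        match = VID_PID.search(unquote(u.path))
        usb = (match.group(1).lower(), match.group(2).lower()) if match else None
        findings[src].append({"url": url, "usb_vid_pid": usb})
    return dict(findings)


if __name__ == "__main__":
    for host, items in cleartext_wer_reports(SAMPLE_LOG).items():
        print(host, len(items), "cleartext WER request(s)")
        for item in items:
            print("   ", item["url"], "usb:", item["usb_vid_pid"])
```

Hosts listed by the function are the ones whose crash telemetry is readable on the wire; the https stage-two upload and unrelated traffic are not reported.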
The report by Websense follows a report from the German news magazine Der Spiegel, which claimed that the NSA collects Windows crash logs to gather information about its potential targets, such as operating systems; installed software; patch information; potential vulnerabilities that could be exploited; and devices and peripherals plugged into computer systems.