A security researcher has found a potentially massive security hole in Windows 8 that would expose someone's contacts and other information from social networking services and email including Gmail, Facebook, Hotmail, LinkedIn, and Twitter, among others. It sounds serious, but there may be less to the security hole than meets the eye.
Woody Leonhard, an old friend of mine, first reported on the hole in Infoworld. The hole comes about because Windows 8 can grab contact and other data from multiple external sites so that you can see them all in one place. That's one of the benefits of Windows 8 -- Metro is designed to be a central hub for information across the Internet, and then bring that information to you rather than you going out and seeking it.
Leonhard notes, though, that in the current Consumer Preview of Windows 8, all that information is kept on a machine even after the PC is turned off, and that someone may be able to get access to all of it. He writes:
"Windows 8 doesn't build its Contacts list dynamically. Instead, it keeps a cache of contacts from all of those sources stored on the machine. The cache persists even when the user logs off or the machine is turned off. That means anyone who can sign on to your PC with an administrator account can see all of your contacts and all of their data -- names, email addresses, pictures, telephone numbers, addresses -- whatever you have on file or whatever's been sucked in from Hotmail, Gmail, Facebook, Twitter, and LinkedIn."
Leonhard found out about the hole from a white paper written by Amanda C.F. Thomson, a graduate student at George Washington University. (You can get the white paper and more information from her blog, PropellerHeadForensics.)
It's certainly frightening stuff. But keep in mind that for anyone to get access to that cache, they'll need to log in to the Windows 8 machine with administrator access. And in that case, they'll be able to get access to a lot of this information without having to dig into the cache -- Metro will be grabbing information from multiple services, and that information will be displayed in plain sight. However, it is true that the cache will make it easier for someone to grab all the contact information in one fell swoop, so it is an added security threat.
The real problem isn't as much Windows 8 as it is the overuse of an administrator account. People should use such an account only rarely, and not for normal operations of their PC, because of the access it gives to all parts of the operating system. And they should never share that account with others. Mark Baldwin, principal researcher and consultant at InfosecStuff, told Taylor Armerding of CSO that
"If an unauthorized person has admin rights on your machine, then you have more problems to worry about than your Facebook and email contact information."
I think it's likely that Microsoft will protect the cache in some way, so that even administrator accounts won't be able to directly view it. The cache is only there to improve performance, so that it doesn't have to be rebuilt every time someone logs on. So don't be surprised if it's eventually encrypted.
Woody is certainly right -- the cache is a potentially security danger. But it's not as bad as it seems at first glance, and Microsoft may fix it before the operating system's final release.
via COMPUTER WORLD