Does error reporting benefit hackers? A study conducted by a group of Windows experts outside Microsoft revealed that error reporting might actually benefited hackers. When a Windows user comes across a problem, the immediate action he would take is to report the problem to the Windows help or some other respective Microsoft support department for the product that he is using. The critical information about the user’s system such as its IP address, BIOS information, etc would also be sent to Microsoft. The hackers could hack in to this critical information and use them for their unethical uses.
As crash reports are in a simple form, this information can easily be used to attack the systems. In fact, hackers who want to attack the system of a user would prevent all possible chances of the recovery from such system flaws.
About the error reports being sent without the user confirmation
Although user confirmation is required to send a crash report or error report to Microsoft, there are cases of the report being sent without any confirmation from users. Oftentimes, such automated error reporting takes place when a user connects a new USB flash drive to his computer. When a flash drive is connected to a system, information such as Windows version, Service Pack version, BIOS version and number, IP address, etc are gathered and sent to Microsoft. These details are very useful to hackers who are looking for the right opportunity to steal critical data from the customers.
Obviously, the data leaking taking place as a result of automated error sending does not dangerously affect the individual users. However, it would be dangerous if it takes place in a large scale corporate facility. Using the data they received, the hackers could identify the weaknesses in the network system used and find enough loopholes to make their entry into the network. The more frequent the automated error reports or even confirmed error reporting takes place, the better information the hackers would have to help them attack the network.
The hackers are also capable of exploiting the solution sent to the users by Microsoft. Oftentimes, the solution would contain codes, settings and other unique troubleshooting steps essential to fix the problem associated with a particular network. After accessing these details, the hackers could develop their malicious programs to execute their attack effectively on these networks.
Microsoft is yet to react to the report. According to the Windows help forums, the tech giant is studying the report. It has assured the users that their concerns would be addressed.