|

 
|
| | Name : | James Johnson | Organization : | N/A | Post Date : | 9/30/2005 |
| Section : | 6.7 | Page no. : | | Line no.: | | Comment : | In the Microsoft environment, writing a programming to use the IrDA interface is designed to be simple and straightforward using Windows IrSock. This software is simple to program and operates like any other serial port when using the lower speed version (SIR). Higher speed versions of IrDA will communicate over high speed Ethernet ports as serial ports are usually limited to 115.2 Kb/s.
In some versions of the OS IrDA is Plug-and-Play. This means that when the operating system “boots up”, if it detects the presence of an IrDA device, it will automatically install the driver software required for communicating with it. This means Election Officials would have to take action to disable the device; a procedure that most officials would be unfamiliar with.
Microsoft Statement on the security of IrDA
Microsoft Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IrDA). Because of this, they are often called IrDA devices. These devices can be used to share files and printers with other IrDA-device capable systems. The software that handles IrDA devices in Windows 2000 contains an unchecked buffer in the code that handles certain IrDA packets.
A security vulnerability results because it is possible for a malicious user to send a specially crafted IrDA packet to the victim's system. This could enable the attacker to conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot.
[Statements submitted to NIST Technical Guidelines Development Committee] | |
|
|