I am connecting to a Wi-Fi network and have blocked all IP addresses in this network with the regular Windows 10 firewall. The only available IP addresses are:

  • 192.168.1.1 = gateway
  • 192.168.1.102 = my own IP address

Some people from the Wi-Fi security team told me we are working on hacking people with Windows Update here.

Sometimes when I check Windows Update, it hangs and sometimes hours later it is working. It seems they are tampering with something on the other side with a Man In The Middle attack.

Another day I faced ARP poisoning from them.

  • Can they hack people with Windows Update that easily or not?
  • How can I prevent a "Man In The Middle" attack and ARP poisoning?
schroeder
  • 1
    "I tried microsoft web site for that and they told it is secure 80%. What does it mean 80%?" - No idea what that means. I am not aware of any Microsoft websites which give you a score, let alone in percentages. – Artem S. Tashkinov Feb 18 '23 at 11:21
  • 2
    Windows updates are signed by a private key of Microsoft, so tampering with them will invalidate them in a way that Windows Update will not install them. – Robert Feb 18 '23 at 17:46
  • There's a lot here that needs more explanation and clarity. What does "The only available IP addresses are" mean? And why are your firewall rules relevant in this case? Who is this "wifi security team"? Is this your company? Why would your company "hack" its own computers? What did they really say? "It seems they are tampering ... " -- that's pure speculation. "Man In The Middle attack" -- that's also speculation and not necessary in this context, at least as you've described it. And your "80%" question is a non-starter, so I've removed it. – schroeder Feb 23 '23 at 09:10
  • "Another day I faced ARP poisoning from them." How do you know? There's just too much that is left to the imagination and your interpretation. And you appear to be combining different concepts and events. So, you need to provide more details and boil this down to the essentials. If your question is simply "can the Windows Update process be a route to infection?" then there are many answers to that question. But not to all the other pieces you are adding to the scenario. – schroeder Feb 23 '23 at 09:14

1 Answer

All the downloaded updates are digitally signed and the WSUS verifies updates' signatures. So, even if there's MiTM going on, fake updates will simply fail signature verification and will not be installed.

Artem S. Tashkinov
  • Windows 10+ supports peer-to-peer update sharing, so the bulk transport of the updates themselves is fundamentally insecure. The signature of the updates themselves is the primary defense against tampering. Apple does the same thing, the updates themselves are plain HTTP to enable proxy caching. – user71659 Feb 18 '23 at 21:23
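
The point made in the answer and in the last comment, as an added Go example that is not part of the original thread and is not Windows Update's code: a simplified model in which Ed25519 stands in for Microsoft's certificate-based signing, and `Package`, `Publish`, `TamperInTransit`, `ChecksumOnly` and `VerifySigned` are hypothetical names. It shows why a checksum that travels with the download does not stop tampering in transit, while a signature checked against a vendor key already on the client does.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Package is what arrives over the untrusted transport (plain HTTP, a P2P peer).
type Package struct {
	Payload   []byte
	Checksum  [32]byte // travels with the payload, so anyone on the path can recompute it
	Signature []byte   // made with the vendor's private key, which never leaves the vendor
}

// Publish models the vendor side: hash and sign the update.
func Publish(priv ed25519.PrivateKey, payload []byte) Package {
	return Package{payload, sha256.Sum256(payload), ed25519.Sign(priv, payload)}
}

// TamperInTransit models a man in the middle: replace the payload and fix up
// the checksum. With a non-nil key it also re-signs with that (non-vendor) key.
func TamperInTransit(p Package, replaced []byte, otherKey ed25519.PrivateKey) Package {
	out := Package{replaced, sha256.Sum256(replaced), p.Signature}
	if otherKey != nil {
		out.Signature = ed25519.Sign(otherKey, replaced)
	}
	return out
}

// ChecksumOnly is the weak client check: integrity data from the same channel.
func ChecksumOnly(p Package) bool { return sha256.Sum256(p.Payload) == p.Checksum }

// VerifySigned is the check the answer relies on: the vendor public key is
// already on the client, so nothing received over the network can replace it.
func VerifySigned(pinned ed25519.PublicKey, p Package) bool {
	return ed25519.Verify(pinned, p.Payload, p.Signature)
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	good := Publish(vendorPriv, []byte("constructed sample update v1"))
	swapped := TamperInTransit(good, []byte("constructed tampered update"), nil)
	resigned := TamperInTransit(good, []byte("constructed tampered update"), otherPriv)
	for _, c := range []struct{ n string; p Package }{{"genuine", good}, {"swapped", swapped}, {"re-signed", resigned}} {
		fmt.Printf("%-10s checksum-only=%v signature=%v\n", c.n, ChecksumOnly(c.p), VerifySigned(vendorPub, c.p))
	}
}
```

Both tampered packages pass the checksum-only check and fail the signature check, which is why the bulk transfer can be left unencrypted without letting someone on the path install their own update.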