Tuesday, August 6, 2013

Windows Phones Susceptible to Password Theft When Connecting to Rogue Wi-Fi

Smartphones running Microsoft's Windows Phone operating system are vulnerable to attacks that can extract the user credentials needed to log in to sensitive corporate networks, the company warned Monday...

"An attacker-controlled system could pose as a known Wi-Fi access point, causing the victim's device to automatically attempt to authenticate with the access point and in turn allowing the attacker to intercept the victim's encrypted domain credentials," the Microsoft advisory warned. "An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials." (more)

Turn on certificate requirement before connecting to WPA2 networks. Now.