Rogue hotspots can steal your Windows Phone's saved Wi-Fi passwords, Microsoft warns ~ Online tech-support solutions- By- Techvedic

Thursday 15 August 2013

Rogue hotspots can steal your Windows Phone's saved Wi-Fi passwords, Microsoft warns

Description

If you have Windows Phone 8 and Windows Phone 7.8 then your device is very prone to get tricked into revealing login credentials for corporate Wi-Fi access points secured with WPA2 protection. Here is a detail about this.

Solution:

In what way it works

For example, Bob is an employee of Acme Inc. and use Nokia Lumia 920 as his work phone. Obviously, this phone automatically get connected to company’s Wi-Fi network everyday known as ACME1, using WPA2 security. Now, the handset makes an attempt to connect to this whenever it finds a Wi-Fi network. Suppose, there is a café two blocks down the street where many employees of ACME goes very often. For a hacker, it is very easy to set-up a wireless router called ACME1 secured with WPA2 and wait for a Windows Phone to connect to the rogue access point. While the phone try to connect to the network, the hacker can intercept the encrypted domain credentials stored in Bob’s phone. As Windows phone uses an authentication protocol which has some key cryptological weaknesses thus, this is vulnerable to the attack.

No Solution yet

According to Microsoft, they don’t have any solution to fix the problem as it is related to weak cryptography used in PEAP-MS-CHAPv2. It is important for Windows Phone devices to validate the Wi-Fi access point by checking its root certificate before attempting to connect.

Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

For exploiting this issue, an attacker controlled system could pose as a known Wi-Fi access point and cause the targeted device to authenticate with the access point automatically. In this way, an attacker can intercept the victim's encrypted domain credentials. Through this, attacker can exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol for obtaining victim’s domain credentials.

Thus, you need to be very careful when connecting your Windows phone to Wi-Fi. For more from the XpertCrew^TM team, please follow us on Twitter @Techvedic or contact Techvedic’s computer support helpdesk, as per below contact-details:

U.S. +855-859-0057 (http://www.techvedic.com/ )

U.K. +800-635-0716 (http://www.techvedic.co.uk/ )

CA 1-855-749-5861 (http://www.techvedic.ca/ )

AU 1-800-197-298 (http://www.techvedic.com.au/ )

We would be more than happy to help you. We are available 24/7.

Keywords: microsoft contact number, call Microsoft, windows phon, windows mobil, windows smartphone

Online tech-support solutions- By- Techvedic

Techvedic – a globally acknowledged Internet and Communication Technology (ICT)-based company – is poised to empower individuals and businesses with the various components of ICT. We offer tech support, cloud backup & recovery, cloud-based CRM and e-Commerce website builder.

Thursday 15 August 2013

Rogue hotspots can steal your Windows Phone's saved Wi-Fi passwords, Microsoft warns

0 comments:

Post a Comment

Get in touch

Follow Techvedic

About Techvedic

Blog Archive

Recent Post

Popular Posts

Labels

Contributors

Total Pageviews