Thursday, 15 August 2013

Rogue hotspots can steal your Windows Phone's saved Wi-Fi passwords, Microsoft warns

Description

If you have Windows Phone 8 and Windows Phone 7.8 then your device is very prone to get tricked into revealing login credentials for corporate Wi-Fi access points secured with WPA2 protection. Here is a detail about this.







Solution:


In what way it works

For example, Bob is an employee of Acme Inc. and use Nokia Lumia 920 as his work phone. Obviously, this phone automatically get connected to company’s Wi-Fi network everyday known as ACME1, using WPA2 security. Now, the handset makes an attempt to connect to this whenever it finds a Wi-Fi network. Suppose, there is a café two blocks down the street where many employees of ACME goes very often. For a hacker, it is very easy to set-up a wireless router called ACME1 secured with WPA2 and wait for a Windows Phone to connect to the rogue access point. While the phone try to connect to the network, the hacker can intercept the encrypted domain credentials stored in Bob’s phone. As Windows phone uses an authentication protocol which has some key cryptological weaknesses thus, this is vulnerable to the attack.

No Solution yet

According to Microsoft, they don’t have any solution to fix the problem as it is related to weak cryptography used in PEAP-MS-CHAPv2. It is important for Windows Phone devices to validate the Wi-Fi access point by checking its root certificate before attempting to connect.

Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure

For exploiting this issue, an attacker controlled system could pose as a known Wi-Fi access point and cause the targeted device to authenticate with the access point automatically. In this way, an attacker can intercept the victim's encrypted domain credentials. Through this, attacker can exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol for obtaining victim’s domain credentials.

Thus, you need to be very careful when connecting your Windows phone to Wi-Fi. For more from the XpertCrewTM team, please follow us on Twitter @Techvedic or contact Techvedic’s computer support helpdesk, as per below contact-details:

U.S. +855-859-0057 (http://www.techvedic.com/  )
U.K. +800-635-0716 (http://www.techvedic.co.uk/ )
CA  1-855-749-5861 (http://www.techvedic.ca/ )
AU  1-800-197-298  (http://www.techvedic.com.au/ )
We would be more than happy to help you. We are available 24/7.

Keywords: microsoft contact number, call Microsoft, windows phon, windows mobil, windows smartphone

Related Posts:

  • How to access Webpage while watching YouTube? DescriptionWhile watching a YouTube video, there is a common problem which you might have faced. The problem is you can’t view any of the page content during this. If you do so then YouTube video gets hidden and you can o… Read More
  • How to move photos across Facebook photo albums? DescriptionIf you have too many photos then dumping all photos in one folder doesn’t make any sense. Thus, it is better to create multiple albums to categorize all photos. But, what about those photos which you have alrea… Read More
  • 5 Other Video Sites Like YouTube Description When it comes to the most popular video sites, YouTube comes on the top. In fact, it almost has more than one billion unique monthly visitors. Although, YouTube can stay ahead with its viewership statistics … Read More
  • Create the perfect parallax wallpaper in iOS 7 DescriptioniOS 7 provides an exclusive interactive layer throughout the operating system. On changing the viewing angle of your device by tilting it in different direction, any graphics present on the screen will give rea… Read More
  • Simple tool checks multiple Apple stores for iPhone 5S stock Description For checking iPhone 5S stock, an unofficial tool has arrived. If you are planning to buy iPhone 5S from an Apple retail store then there is an unofficial tool through which you can search for multiple stores… Read More

0 comments:

Post a Comment