Spawn

Administrator
Verified
Staff member
ZDNet: Windows Phones open to hackers when connecting to rogue Wi-Fi
Microsoft has warned that a vulnerability in Windows Phone operating systems could allow hackers to access your passwords when connected to rogue Wi-Fi hotspots.

Fix: TN Advisory 2876146

The bulletin, advisory 2876146, says that hackers could exploit a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2). The protocol is used in Windows Phones for WPA2 wireless authentication.

The tech giant says that an attacker can exploit a weakness in the protocol when the mobile device attempts to automatically authenticate with a hotspot posing as Wi-Fi. Once the attempt to connect is made -- without user permission -- a hacker can intercept the victim's encrypted domain credentials before decrypting and lifting the data.