iOS, Android devices vulnerable to remote wipe with false certificate, Windows Phone not

Home » News

Reading time icon 1 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

image_thumb

Score one for Windows Phone.  It seems anyone who controls a network router (such as a hacker for example) can force Android handsets to Remote Wipe via Exchange Activesync using a man-in-the-middle attack using self-signed certificates. iOS 5 handsets were also vulnerable if slightly less so,.

The discovery came from research by security researcher Peter Hannay and was presented at Blackhat 2012 .

It seems Windows Phones have a much better implementation of Exchange Activesync (as one would expect) and rejected irrelevant certificates.

Given the increased presence of Android and iOS handsets in enterprise, one can can but imagine the mischief a determined hacker could come up with by initiating a company-wide remote wipe simply by hacking a router.

Find more detail about the hack in this PDF here.

Via WPSauce.com

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages