iOS, Android devices vulnerable to remote wipe with false certificate, Windows Phone not

image_thumb

Score one for Windows Phone.  It seems anyone who controls a network router (such as a hacker for example) can force Android handsets to Remote Wipe via Exchange Activesync using a man-in-the-middle attack using self-signed certificates. iOS 5 handsets were also vulnerable if slightly less so,.

The discovery came from research by security researcher Peter Hannay and was presented at Blackhat 2012 .

It seems Windows Phones have a much better implementation of Exchange Activesync (as one would expect) and rejected irrelevant certificates.

Given the increased presence of Android and iOS handsets in enterprise, one can can but imagine the mischief a determined hacker could come up with by initiating a company-wide remote wipe simply by hacking a router.

Find more detail about the hack in this PDF here.

Via WPSauce.com

Comments