iOS, Android devices vulnerable to remote wipe with false certificate, Windows Phone not


Score one for Windows Phone.  It seems anyone who controls a network router (such as a hacker for example) can force Android handsets to Remote Wipe via Exchange Activesync using a man-in-the-middle attack using self-signed certificates. iOS 5 handsets were also vulnerable if slightly less so,.

The discovery came from research by security researcher Peter Hannay and was presented at Blackhat 2012 .

It seems Windows Phones have a much better implementation of Exchange Activesync (as one would expect) and rejected irrelevant certificates.

Given the increased presence of Android and iOS handsets in enterprise, one can can but imagine the mischief a determined hacker could come up with by initiating a company-wide remote wipe simply by hacking a router.

Find more detail about the hack in this PDF here.


Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.