Windows Phone enterprise users vulnerable to password-stealing WIFI hack

wifi-hackingMicrosoft has issues an advisory for Windows Phone 7.8 and 8 users who use Wireless PEAP-MS-CHAPv2 Authentication (normally in an enterprise setting) for WPA2 encryption that fake access points could steal their domain user name and password.

The issue combines a hack against the MS-CHAPv2 cryptographic scheme with the propensity of Windows Phones to try and connect automatically to any known wireless network based and the SSID.

Microsoft writes:

To exploit this issue, an attacker controlled system could pose as a known Wi-Fi access point, causing the targeted device to automatically attempt to authenticate with the access point, and in turn allowing the attacker to intercept the victim’s encrypted domain credentials. An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim’s domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource.

At present there is no known attacks in the wild, but the attack has been demonstrated recently, and seems relatively trivial to implement to harvest passwords at busy places such as airports or train stations, especially with WIFI now always on in Windows Phone 8.

Microsoft suggests users change the settings on their Windows Phone to stop it associating automatically with access points without first authenticating their digital certificate.

For the full remediation solution read the Microsoft advisory here.

Via Ars Technica

Comments