Smartphones based on Windows Phone WiFi-exposed vulnerabilities

Smartphones based on Windows Phone WiFi-exposed vulnerabilities

Smart phones running the operating system Windows Phone susceptible to attacks that could expose user details necessary to enter the private corporate network resources. This was today warned by Microsoft. According to the company, the vulnerability lies in the authentication scheme WiFi, known as PEAP-MS-CHAPv2, which is used by Windows Phone-smartphone for work in WiFi-networks that are protected by technological WPA2. Cryptographic vulnerability in technology created Microsoft, allows attackers to restore the login information for a secure enterprise domains and resources when the client connects to the victim of false access point.

 Note that Microsoft released a bulletin for more than a year after the independent experts have developed an algorithm attack, working against the MS-CHAPv2. Independent experts say that a new attack is largely based on previously identified vulnerabilities, and comes from the fact that Windows Phone does not check the digital certificates of authenticity for points.

At Microsoft itself said that with proper implementation of the attack, the attacker can quite easily get access to restricted corporate resources. The company also said that it is not planning to release a patch for this vulnerability and will include it in the overall composition of updates, and corporate network administrators Corporation advised to use digital certificates for access points to the network. Also in the Microsoft bulletin contains information about how to configure the authentication process to Windows Phone 8 to work with a digital certificate from the WiFi AP.