Rogue hotspots can steal your Windows Phones saved WiFi passwords.

Microsoft is warning users that their Windows Phone 8 and Windows Phone 7.8 devices could be easily tricked into revealing login credentials for corporate WiFi access points secured with WPA2 protection. The vulnerability appears to build on a known security weakness in a Microsoft authentication protocol as well as the way Windows Phones connect to WPA2 networks.

How it works

Lets say Bob works for Acme Inc. and you use a Nokia Lumia 920 as his work phone. Every day Bobs phone automatically connects to the company's WiFi network, called ACME1, using WPA2 security.

Whenever Bobs phone sees a WiFi network called ACME1, the handset assumes that this is his work network and attempts to make a connection.

Now, lets say that two blocks down the street there's a cafe where a lot of ACME employees grab a latte on their lunch breaks. All a hacker would have to do is set-up a wireless router called ACME1 secured with WPA2 and wait for a Windows Phone to connect to the rogue access point.

Once Bob walks in with his Nokia 920 with the WiFi turned on, his phone will try to connect to the bogus ACME1 WiFi network. During the phony authentication process, the hacker will be able to intercept the encrypted domain credentials stored in Bobs phone.

Now, that wouldn't be a problem if Microsoft was using a cryptographic standard known to be resistant to attack, but Windows Phone uses an authentication protocol called PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2) that packs some key cryptological weaknesses, which are exploited by this vulnerability.

So after the hacker nabs Bobs login credentials, the baddie can simply capitalize on the weak encryption to obtain Bobs credentials and then login to the real ACME1 with the same user privileges as Bob.

No patch incoming

Microsoft says it has no plans for a patch to fix this issue as the problem is the fundamentally weak cryptography used in PEAP-MS-CHAPv2. (On the plus side, Microsoft says it doesn't know of any examples of the weakness being actively used in the wild.)

As a workaround, Microsoft is advising corporate IT departments to require Windows Phone devices to validate a WiFi access point by checking its root certificate before attempting to connect. The other option, Microsoft says, is to turn off your phones WiFi capabilities. Anyone who needs to learn how to secure their Windows Phone device can find detailed instructions on <a href="http://technet.microsoft.com/en-us/security/advisory/2876146#section4"> Microsoft's Website.

Source: <a href="http://www.pcworld.com/article/2046025/rogue-hotspots-can-steal-your-windows-phones-saved-wi-fi-passwords-microsoft-warns.html">PC World

Submitted By: <a href="https://www.hellboundhackers.org/user/rex_mundi.html">rex_mundi