Microsoft has issued an advisory warning concerning a Windows Phone vulnerability when connecting to rogue Wi-Fi networks.
The issue at hand rests in a Wi-Fi authentication scheme (PEAP-MS-CHAPv2) which our Windows Phones use to access protected wireless networks. Cryptographic weaknesses in the technology can allow an attacker to recover a Windows Phone encrypted domain credentials (passwords) when it connects to a rogue access point.
For those who aren't up on their security, a rogue access point is a wireless access point that has been installed on a secure company network without authorization or has been created by a hacker to accommodate attacks.
Microsoft is not expected to issue an update to correct this issue but instead recommends users require a certificate to verify a wireless access point before starting the authentication process from our Windows Phones.
Microsoft has detailed instructions on how to require the certification in their advisory that entails, deleting the Wi-Fi network from your Windows Phone and then re-establish the network connection after receiving the root certificate from the network's Corporate IT.
Source: Microsoft via: ARS Technica; Thanks, everyone, for the tip!
