Windows Phone vulnerable to credential-stealing WiFi attack
Everybody knows (or at least, very much should) that it’s not a great idea to connect to unknown and untrusted WiFi networks. After all, they’re your conduit to the internet, and anything you send through them, unless properly secured, could in theory be intercepted by the administrator of that access point. This week, however, we learn of a new WiFi vulnerability that can strike Windows Phone users even when they’re trying to be vigilant about which networks they allow their phones to use.
The problem deals with how domain credentials are utilized, which are prevalent in corporate settings. An attacker can set up a fake AP, mimicking a legitimate one you’ve told your phone to willingly connect to. Then, by using a cryptographic attack on the authentication process, the attacker could remotely extract those domain credentials from your phone, and in turn give him or herself access to that corporate network.
Somewhat surprisingly, there are no plans to issue a patch for this vulnerability. Instead, Microsoft’s work-around is directing users to configure their phones to only connect to access points in possession of a verified digital signature (using the “Validate Server Certificate” WiFi option). That should prevent them from attempting to authenticate with a rogue AP in the first place.