Microsoft warns WP8 and WP7.8 users against bug in Wi-Fi authentication protocol

Here’s a word of caution for those of you who are using smartphones running the Windows Phone OS. 

Microsoft has issued an advisory to adequately warn users against a certain weakness in the...

Wi-Fi authentication protocol called PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2), and it is used by WP-running phones for WPA2 wireless authentication.

 

Now, if an attacker manages to exploit this weakness could get away with the credentials of the user used to connect to devices. Elaborating on the dangers of this weakness, the advisory continues that an exploited device could pose as a known Wi-Fi access point, prompting the targeted device to automatically try to authenticate with the access point. Once this is done, the attacker can positively gain access to the user’s crucial login credentials. What’s even worse is that the attacker can then go on to re-use those credentials to facilitate authentication to network resources. 

Of what is known at the moment, devices running WP8 and WP7.8 are the affected ones. Even as you’re reading this, Microsoft is monitoring the current situation. Here’s a list of actions that Microsoft has suggested WP8 and WP7.8 users apply. Concerned users must apply any one of these. Microsoft recommends that users require a certificate verifying a wireless access point before beginning the authentication process from WP8 devices. Else, they can turn off Wi-Fi on their devices. 

Source:http://tech2.in.com/news/general/microsoft-warns-wp8-and-wp78-users-against-bug-in-wifi-authentication-protocol/910224