Microsoft warns of a rogue Wi-Fi vulnerability on our Windows Phones
Microsoft has issued an advisory warning concerning a Windows Phone vulnerability when connecting to rogue Wi-Fi networks.
The issue at hand rests in a Wi-Fi authentication scheme (PEAP-MS-CHAPv2) which our Windows Phones use to access protected wireless networks. Cryptographic weaknesses in the technology can allow an attacker to recover a Windows Phone encrypted domain credentials (passwords) when it connects to a rogue access point.
For those who aren't up on their security, a rogue access point is a wireless access point that has been installed on a secure company network without authorization or has been created by a hacker to accommodate attacks.
Microsoft is not expected to issue an update to correct this issue but instead recommends users require a certificate to verify a wireless access point before starting the authentication process from our Windows Phones.
Microsoft has detailed instructions on how to require the certification in their advisory that entails, deleting the Wi-Fi network from your Windows Phone and then re-establish the network connection after receiving the root certificate from the network's Corporate IT.
Source: Microsoft via: ARS Technica; Thanks, everyone, for the tip!
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
George is the Reviews Editor at Windows Central, concentrating on Windows 10 PC and Mobile apps. He's been a supporter of the platform since the days of Windows CE and uses his current Windows 10 Mobile phone daily to keep up with life and enjoy a game during down time.