Windows Based Phones WiFi Vulnerable, Will Not Be Patched

Microsoft announced in an advisory that version 7.8 and 8 Windows smart phones are vulnerable to an hostile actor stealing domain credentials off the phone’s WiFi connection.  A hostile actor acting as a WiFi hotspot (say with a WiFi pineapple) can intercept this information and exploit a weakness in the Protected Extensible Authentication Protocol  that Microsoft uses called PEAP-MS-CHAPv2.  Once this is exploited the hostile actor can then log into the domain with the gathered credentials and have access to the same data and resources that the owner of the Windows phone has.

Microsoft states that they are currently not aware of any exploitation code in the wild.  Microsoft will not be issuing a patch for this because it is a vulnerability in the protocol used to communicate and not Microsoft software.  There are two possible fixes:  1) disable WiFi on the phone  2) require a certificate verifying a wireless access point before starting an authentication process.

The TechNet Advisory (#2876146) can be found at: http://technet.microsoft.com/en-us/security/advisory/2876146

More info on the PEAP-MS-CHAPv2 protocol can be found at: http://technet.microsoft.com/en-us/library/cc779326(v=ws.10).aspx

Post by Protocol 46