Microsoft is warning users that their Windows Phone 8 and Windows Phone 7.8 devices could be easily tricked into revealing login credentials for corporate Wi-Fi access points secured with WPA2 protection. The vulnerability appears to build on a known security weakness in a Microsoft authentication protocol as well as the way Windows Phones connect to WPA2 networks.
How it works
Let's say Bob works for Acme Inc. and uses a Nokia Lumia 920 as his work phone. Every day Bob's phone automatically connects to the company's Wi-Fi network, called ACME1, using WPA2 security.
Whenever Bob's phone sees a Wi-Fi network called ACME1, the handset assumes that this is his work network and attempts to make a connection.
Now, let's say that two blocks down the street there's a café where a lot of Acme employees grab a latte on their lunch breaks. All a hacker would have to do is set up a wireless router called ACME1 secured with WPA2 and wait for a Windows Phone to connect to the rogue access point.