Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS: Windows Phone 8 Wi-Fi Vulnerable, Cannot Be Patched

Posted by timothy on from the is-there-a-workaround-for-the-workaround? dept.

Freshly Exhumed writes "Microsoft advises that a cryptographic problem in the PEAP-MS-CHAPv2 protocol used in Windows Phone 8 to provide WPA2 authentication allows a victim's encrypted domain credentials to be collected by an attacker posing as a typical WiFi access point. Redmond further states that this problem cannot be patched, although a set of manually entered configuration changes involving root certificates on all WP8 phones and on WiFi access points will apparently address the issue. WP7.8 phones are likewise vulnerable."

4 of 146 comments (clear)

  1. Why can't it be patched? by metrix007 · · Score: 5, Insightful

    If it can be fixed through manual configuration changes, why can't a patch make those same configuration changes?

    --
    If you ignore ACs because they are anonymous - you're an idiot.
    1. Re:Why can't it be patched? by Anonymous Coward · · Score: 4, Insightful

      watch as your actual-factual answer languishes at 0 while the "funny" comment about the NSA gets +5 Insightful.

    2. Re:Why can't it be patched? by DrXym · · Score: 3, Insightful

      Sounds like Microsoft has most to fear on their own campuses since I doubt that there are many other businesses with a high enough concentration of vulnerable phones who would be worth the risk.

  2. Wait by jayhawk88 · · Score: 3, Insightful

    What's so special about Windows Phone 8/7.8 with regards to this issue? If you're not requiring a cert validating the identity of your radius server/access point/whatever, ANY device is going to be vulnerable to a spoofed SSID kind of attack, right?