

MS: Windows Phone 8 Wi-Fi Vulnerable, Cannot Be Patched

Freshly Exhumed writes "Microsoft advises that a cryptographic problem in the PEAP-MS-CHAPv2 protocol used in Windows Phone 8 to provide WPA2 authentication allows a victim's encrypted domain credentials to be collected by an attacker posing as a typical WiFi access point. Redmond further states that this problem cannot be patched, although a set of manually entered configuration changes involving root certificates on all WP8 phones and on WiFi access points will apparently address the issue. WP7.8 phones are likewise vulnerable."


  1. Why can't it be patched? by metrix007 · · Score: 5, Insightful

    If it can be fixed through manual configuration changes, why can't a patch make those same configuration changes?

    --
    If you ignore ACs because they are anonymous - you're an idiot.
    1. Re:Why can't it be patched? by i+kan+reed · · Score: 5, Funny

      Because the NSA won't let them?

    2. Re:Why can't it be patched? by Anonymous Coward · · Score: 5, Informative

      Because the root certificate being installed is for the internal domain and Microsoft doesn't have that certificate.

      Please note: this is only for PEAP using domain credentials, not standard WPA2-PSK that just about everyone uses.

    3. Re:Why can't it be patched? by Anonymous Coward · · Score: 4, Insightful

      watch as your actual-factual answer languishes at 0 while the "funny" comment about the NSA gets +5 Insightful.

    4. Re:Why can't it be patched? by aaron44126 · · Score: 4, Informative

      It says in the article that configuration changes must be made on the WiFi access points as well.

    5. Re:Why can't it be patched? by fuzzyfuzzyfungus · · Score: 4, Informative

      If it can be fixed through manual configuration changes, why can't a patch make those same configuration changes?

      The configuration change is enabling server certificate validation. If the network is set up for this, all is well: just like SSL, the server demanding the credentials from the client connecting to the network has a certificate, which the client can verify before attempting to authenticate. Spoofing becomes effectively impossible without access to a suitably signed cert.

      However, if the authentication server is not set up to use a certificate, or is set up to use a certificate not signed by one of the CAs in the client's list of trusted authorities, enabling server certificate validation will cause the client to freak out and never attempt to authenticate (since validation will, correctly, fail.)
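      The validation gate the two comments above describe, as an added model (not code from the thread or from any supplicant): certificates are plain records rather than real X.509, the chain walk is simplified, and all names (the "Corp Internal CA" root, "radius.corp.example", the public-CA hotspot) are constructed. It also shows why the advisory's specific-root configuration matters: a client that trusts public roots but pins no server name still accepts any validly issued certificate.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str  # CN of the holder
    issuer: str   # CN of the signer; equals subject for a self-signed/root cert


@dataclass(frozen=True)
class SupplicantPolicy:
    validate_server: bool                      # the knob the thread says WP7/8 lacks
    trusted_roots: frozenset = frozenset()     # root CNs the client trusts
    allowed_servers: frozenset = frozenset()   # server CNs accepted; empty = any


def chain_is_trusted(chain, trusted_roots, max_depth=5):
    """Follow subject->issuer links; succeed only if a trusted root ends the chain."""
    by_subject = {c.subject: c for c in chain}
    cert = chain[0]
    for _ in range(max_depth):
        if cert.issuer == cert.subject:              # reached a self-signed cert
            return cert.subject in trusted_roots     # trusted root, or a rogue's own cert
        cert = by_subject.get(cert.issuer)
        if cert is None:                             # issuer not supplied: gap in the chain
            return False
    return False


def should_send_credentials(policy, chain):
    """True means the client would proceed to MS-CHAPv2 inside the tunnel."""
    if not policy.validate_server:
        return True  # whoever answered the SSID gets the credentials
    if policy.allowed_servers and chain[0].subject not in policy.allowed_servers:
        return False
    return chain_is_trusted(chain, policy.trusted_roots)


# Constructed scenarios: the real server, a same-named self-signed spoof,
# and a hotspot holding a genuine certificate from a public CA for its own name.
SCENARIOS = {
    "legit": [Cert("radius.corp.example", "Corp Internal CA"),
              Cert("Corp Internal CA", "Corp Internal CA")],
    "self_signed_spoof": [Cert("radius.corp.example", "radius.corp.example")],
    "public_ca_hotspot": [Cert("hotspot.example.net", "Public Root CA"),
                          Cert("Public Root CA", "Public Root CA")],
}

NO_VALIDATION = SupplicantPolicy(validate_server=False)
PUBLIC_ROOTS_NO_PIN = SupplicantPolicy(True, frozenset({"Public Root CA", "Corp Internal CA"}))
HARDENED = SupplicantPolicy(True, frozenset({"Corp Internal CA"}),
                            frozenset({"radius.corp.example"}))


def evaluate(policy):
    """Map each scenario to whether credentials would be sent under this policy."""
    return {name: should_send_credentials(policy, chain) for name, chain in SCENARIOS.items()}


if __name__ == "__main__":
    for label, policy in [("no validation", NO_VALIDATION),
                          ("public roots, no pin", PUBLIC_ROOTS_NO_PIN),
                          ("hardened", HARDENED)]:
        print(label, evaluate(policy))
```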

    6. Re:Why can't it be patched? by Anonymous Coward · · Score: 3, Interesting

      Because the root certificate being installed is for the internal domain and Microsoft doesn't have that certificate.

      Please note: this is only for PEAP using domain credentials, not standard WPA2-PSK that just about everyone uses.

      The scary thing (if I read this correctly) is that someone could theoretically sit outside a business where a lot of WP8 users are, listen for a while to snoop the wireless details (SSID, AP's mac, whatever they want) and then set up a fake hotspot in the parking lot. As phones leave the building's wifi perimeter, they will try to re-auth to the fake hotspot and give away their user's credentials. The user can then turn their wifi gear toward the building, and log in as an insider with probably tons-o-access to the internal network and the crown jewels.

      Who cares if it's only a few businesses or that "most people" don't bother with it, the potential for targeted abuse is so huge that I don't see any sane enterprise keeping this turned on. They are better off just handing out "secret" WPA keys to their users than bothering with auth that basically ensures they are vulnerable.

    7. Re:Why can't it be patched? by DrXym · · Score: 3, Insightful

      Sounds like Microsoft has most to fear on their own campuses since I doubt that there are many other businesses with a high enough concentration of vulnerable phones who would be worth the risk.

    8. Re:Why can't it be patched? by r1348 · · Score: 2, Interesting

      Luckily, there's no such thing as a "business where a lot of WP8 users are", except maybe for Microsoft itself, but I wouldn't bet my life on it...

    9. Re:Why can't it be patched? by WaffleMonster · · Score: 2

      The only thing you get is the encrypted credentials. Is PEAP-MS-CHAP v2 vulnerable to any practical attacks?

      If the TLS certificate is not validated all protections of TLS are null and void as it can be MITMd. In other words PEAP-MS-CHAPv2 becomes just MS-CHAPv2.

      Cracking MS-CHAPv2 is trivial...
      https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

      Not just practical, it's EASY.

    10. Re:Why can't it be patched? by sexconker · · Score: 2

      Maybe I should repeat the GP again.

      No, a VPN by itself does not matter, what matters is that you put no resource besides internet accessible to whoever just authenticated into your wireless network. Anything that matters is inside a firewall, that people can traverse using a VPN.

      It does not make the attack fail, it just protects everything that is important.

      (And about having to authenticate at the access point, and the VPN, well, both are automatic, it shouldn't be a nuisance.)

      The credentials for the WiFi AP and the VPN are likely the same (domain credentials).

      Even if they're not, guess what the client does after hitting up that spoofed WiFi AP?
      Hint: It tries to establish a VPN connection.

      Even if it is smart enough to require some authentication before trusting the VPN (why would it when it's not smart enough to do that for the AP?), you can see everything the victim sends out (thinking it's on a legit AP), and you can join the legit AP and poke around to get the VPN's details.

      Even if the client and VPN negotiation is resilient to replay attacks, you're still in a position to MITM the whole game live once the victim connects to your AP. You're on the legit AP, the victim is on the spoofed one, you win.

      A VPN does not solve shit in this scenario.

  2. Oh please by Anonymous Coward · · Score: 5, Informative

    Every phone which implements CHAPv2 is vulnerable, because that's a broken algorithm. You can't patch it, because then it wouldn't be that algorithm anymore and stop working with other implementations of the algorithm. The right thing to do is to encapsulate it in a securely encrypted tunnel, but to have that, you have to check the certificates. If you don't secure the tunnel, an attacker can MITM you and crack the CHAPv2 inside. Not properly securing tunnels is a problem everywhere.

    1. Re:Oh please by tysonedwards · · Score: 4, Funny

      The fact that we have such lax tunnel security is a travesty.
      I propose that we immediately bring in the TSA to man the entrance to every tunnel, for our children!

      --
      Thirty four characters live here.
    2. Re:Oh please by jrumney · · Score: 4, Informative

      Every phone which implements CHAPv2 is vulnerable

      Other phones don't automatically give out your corporate domain login details using it though.

    3. Re:Oh please by rodrigoandrade · · Score: 2

      But lambasting Microsoft and Windows phones is a lot more entertaining than some boring technical and cohesive explanation.

    4. Re:Oh please by 93+Escort+Wagon · · Score: 4, Informative

      Well, to be fair to the blasters and lambasters:

      - This is a protocol developed by Microsoft, and it's fundamentally broken
      - Knowing it's fundamentally broken, Microsoft still included it on their phone and enabled its use by default

      --
      #DeleteChrome
    5. Re:Oh please by cbhacking · · Score: 2

      Assuming you don't use certificate validation for the SSL tunnel over which the MS-CHAPv2 communication occurs (which requires configuring each access point manually), then you can spoof the SSL connection (trivially), at which point it's just down to MS-CHAPv2. This algorithm boils down to three DES operations - not 3DES (which has an effective key strength of 112 bits, lower than the weakest AES key but still practically impossible to crack) but three independent and parallelizable DES operations. Each one has a key strength of 56 bits, so the total is (2^56)*3 possibilities, or about 57.585 bits of entropy. Look up CloudCracker; it can break MS-CHAPv2 via brute force in about a day by using massively parallel attacks on DES, and the keyspace just isn't big enough.

      --
      There's no place I could be, since I've found Serenity...
  3. Wait by jayhawk88 · · Score: 3, Insightful

    What's so special about Windows Phone 8/7.8 with regards to this issue? If you're not requiring a cert validating the identity of your radius server/access point/whatever, ANY device is going to be vulnerable to a spoofed SSID kind of attack, right?

    1. Re:Wait by wmac1 · · Score: 2

      Don't take the fun out of it please :) !

  4. Rather than issue a security advisory.. by Trailer+Trash · · Score: 4, Funny

    They ought to just call the guy who bought one and explain it to him.

  5. Re:Never met anyone who had a windows 8 phone by DogDude · · Score: 2

    Hello! Nice to meet you. My girlfriend has one, too.

    --
    I don't respond to AC's.
  6. Re:Can't you protect it with HOST files? by Anonymous Coward · · Score: 5, Interesting
    Robert Scoble is a former technology evangelist at Microsoft who decided to leave the company in June 2006 to become the vice president of Podtech.net. At that time, it was believed that Scoble had resigned because he was looking for a higher salary elsewhere.

    Innovation is the key, he said, pointing out that Microsoft had completely failed to get itself noticed in the tablet and smartphone markets.

    "Since I've left [Microsoft], what have they done that's interesting? Microsoft [Xbox] Kinect is the only thing I can think of and for a company that has 90,000 employees, to have only one product that you can point to that's innovative, that's pretty disappointing I think,” he said according to The Age.

    "Compare that to Google, which is showing you self-driving cars, Google Glass and a phone that you can talk to, the Moto X, and on and on — automatic picture improvements on Google+ — It's a much more innovative company that is driving the future harder and faster."

    One of the reasons why Microsoft fails to innovate right now is the current leadership, Scoble explained, revealing that Steve Ballmer is actually trying to make more money by rolling out innovative technologies.

    “I just don't believe Steve Ballmer really likes the future. When I interviewed [him] he said innovation is something cool that makes a lot of money. And that's absolutely not true. [Google Glass] might never make a dollar but it's new, it's interesting [and] it causes conversations. If you're an innovator, you push the future ahead. You don't care whether it necessarily makes a dollar,” he continued.

    http://news.softpedia.com/news/Former-Employee-Says-That-Microsoft-Is-Not-Longer-Cool-Blames-Steve-Ballmer-373770.shtml

  7. Parent must be spam by jabberw0k · · Score: 2, Informative

    Real Slashdot users don't have girlfriends (or boyfriends for that matter).

  8. Re:oops... by binarylarry · · Score: 4, Funny

    Nah, what's the fun in hacking all 5 people who've bought Windows Phones?

    Apple Newton probably has bigger marketshare right now.

    --
    Mod me down, my New Earth Global Warmingist friends!
  9. Where does it say that it cannot be patched? by Fosterocalypse · · Score: 4, Informative

    You put it in quotes so I assumed you were quoting one of the two links you put in but neither state that. I know there's a lot of anti-MS people here but stick to the facts please. I understand that the current solution they offer is not a patch but something that the user needs to do manually, but seriously when you quote something use what they actually said. "Recommendation. Apply the suggested action to require a certificate verifying a wireless access point before starting an authentication process. Please see the Suggested Actions section of this advisory for more information." - from: http://technet.microsoft.com/en-us/security/advisory/2876146

    1. Re:Where does it say that it cannot be patched? by UnknowingFool · · Score: 3, Informative

      I think technically the flaw cannot be patched, but the vulnerability can be mitigated. Just reading it, it seems to be an inherent problem with the algorithm. Presumably it is analogous to the DNS cache poisoning flaw that Dan Kaminsky discovered in 2008. DNS was patched to make it less vulnerable but the flaw existed in the protocol itself. There was truly no way to fix it without re-writing the protocol. Replacing it with DNSSec was the recommended course of action.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:Where does it say that it cannot be patched? by WaffleMonster · · Score: 3, Interesting

      I think technically the flaw cannot be patched, but the vulnerability can be mitigated. Just reading it, it seems to be an inherent problem with the algorithm.

      This is not the case here. It is a flaw in the MS implementation of a technology rather than the technology itself. A flaw, by the way, that does not exist in other versions of Microsoft's own products if they are configured properly.

      Presumably it is analogous to the DNS cache poisoning flaw that Dan Kaminsky discovered in 2008. DNS was patched to make it less vulnerable but the flaw existed in the protocol itself. There was truly no way to fix it without re-writing the protocol.

      There was no way to fix SYN attacks against TCP without replacing it either... oh wait, yes there was: cookies were added to mitigate the problem and today are widely deployed. The same solution for DNS continues to sit on a shelf and collect dust for no sane reason.

      http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03

      Replacing it with DNSSec was the recommended course of action.

      April 1st must come late this year cuz DNSSec is glued on top of DNS and has all the same insane transport issues that we continue to allow DNS to have. Only now with significantly higher computational cost and DDOS amplification factors which just might give SNMP with public community strings a run for its money.

    3. Re:Where does it say that it cannot be patched? by UnknowingFool · · Score: 2

      There was no way to fix SYN attacks against TCP without replacing it either... oh wait, yes there was: cookies were added to mitigate the problem and today are widely deployed. The same solution for DNS continues to sit on a shelf and collect dust for no sane reason.

      The inherent problem is that DNS uses a 16-bit number for the query id as a means to authenticate the response. Changing DNS to use a larger number would require a major re-architecture of the protocol. The short-term patch was to pair the id with a 16-bit port number to increase the possible combinations. But that was only a short-term solution.

      April 1st must come late this year cuz DNSSec is glued on top of DNS and has all the same insane transport issues that we continue to allow DNS to have. Only now with significantly higher computational cost and DDOS amplification factors which just might give SNMP with public community strings a run for its money.

      Um what? If I said WPA is vulnerable, replace it with WPA2, would your response be "Wait, WPA2 is glued on top of WPA!" Also I didn't recommend DNSSec. Dan Kaminsky and others did: "DNSSec has been proposed as the way to bring cryptographic assurance to results provided by DNS, and Kaminsky has spoken in favor of it."

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  10. Re:Use windows by QilessQi · · Score: 2

    Some folks argue that the stories (or, rather, the presentation and discussion of them) are unfairly slanted against Microsoft. For me, it comes down to this:

    When a company has a war chest in excess of 500 billion US dollars, as well as immense market penetration in a variety of domains -- desktop operating systems, web browser, word processing software, spreadsheet software, etc. -- it is expected to have its act together.

  11. Re:Use windows by rullywowr · · Score: 2

    Some folks argue that the stories (or, rather, the presentation and discussion of them) are unfairly slanted against Microsoft. For me, it comes down to this:

    When a company has a war chest in excess of 500 billion US dollars, as well as immense market penetration in a variety of domains -- desktop operating systems, web browser, word processing software, spreadsheet software, etc. -- it is expected to have its act together.

    (CompanyX AND 500 billion dollars) != "its act together"

    For example:

    Windows ME

    Windows Vista

    Zune

    Games for Windows Live/Steam DRM

    Surface RT

    Xbox One and their DRM strategy (until it was revoked)

  12. This is a willful and intentional act by WaffleMonster · · Score: 4, Interesting

    I personally contacted MS security people about this years ago before WP8 was released and they told me they would look into this and get back to me. Guess what: I tried to follow up and they never did.

    To be very clear, the problem is the complete lack of necessary levers and knobs to validate the TLS certificate and common name of the certificate in WP7-8. Without these options TLS is trivially MITM'd; this leaves only MS-CHAPv2, which has been known to be completely and publicly broken for years.

    What is worse they don't even try there is not even a leap of faith latch as there is in other mobile platforms whereby if the cert changes it at least tells you it is different... The system never warns you or anything.

    To be even more clear this is not a problem that Microsoft just stumbled on... They knew full goddamn well what the implications of leaving those levers and knobs out of WP7 were... They knew about them circa 2002-2003 when their wireless supplicant was released for XP. They just didn't give a shit.

  13. Re:Use windows by QilessQi · · Score: 2

    Oh, I agree ... Microsoft doesn't have its act together. My point was that given its war chest and the demands of its current user base, it should. There's simply no excuse.

    I think that's why some of us on /. come down harder on Microsoft than on smaller companies. Sure, all software shops produce buggy code from time to time. And many vendors ship products that they hope will be game changers but that, ultimately, people aren't interested in. But most of these companies don't have a zillion dollars to spend on usability studies, development, and testing.

  14. Re:Product death ... by Windowser · · Score: 2

    You do realize Windows Phone market share is growing faster than any other currently?

    Statistics are like bikinis. What they reveal is suggestive, but what they hide is vital.
    Take this simple example:
    Company A has only 1 user of their phone. Then another person buys the phone. Now there are only two users, but they just doubled their users, 100% increase!
    Company B has 100 users of their phone. Then another person buys the phone. Now there are 101 users, but only a 1% increase.

    If you only look at the stats, Company A is growing way faster than Company B.

    --
    Avoid the MS tax, always buy I.B.M. PC's (I Built-it Myself)
  15. Re:How do you get on on the day it won't turn on? by oji-sama · · Score: 2

    How the fuck do you forget leap years?

    The same way you forget the month December from calendar I guess. It is strange, though.

    --
    It is what it is.
  16. Re:How do you get on on the day it won't turn on? by cbhacking · · Score: 2

    First point: it didn't "forget" leap years, there was just a logic error in the special-case code that handled them. Forgot to test, perhaps, but not actually forgot.
    Second point: Microsoft didn't write that code. It was part of the clock module that was built into the hardware that they used. Again, perhaps they should have tested it themselves, but the clock module's code quality itself wasn't Microsoft's fault.

    --
    There's no place I could be, since I've found Serenity...
  17. Re:Use windows by theskipper · · Score: 2

    Just a nitpick, you're a wee bit off there with $500B. Actual cash on balance sheet is $76B. Market cap is approximately $273B.

  18. Re:Use windows by QilessQi · · Score: 2

    My bad: the Forbes article I grabbed it from is a year old:

    http://www.forbes.com/sites/afontevecchia/2012/01/20/dont-underestimate-microsoft-but-watch-out-for-margin-compression/

    "Bing is another powerful tool Microsoft can juice. Despite “continuing to rack up operating losses,” Bing is “inching up the search ladder,” according to Caris, growing revenues 13% to $784 million. Microsoft is sitting on a massive $512.7 billion war chest with which it supports acquisitions and businesses like Bing, which are strategic in tapping into Google and Yahoo’s all-important search revenues. According to comScore, Bing’s market share is now up to 15.1% (as of December), compared to 14.5% for Yahoo and 66% for Google."

  19. Re:Use windows by theskipper · · Score: 2

    Yes, definitely a typo on their part. Decimal point should be shifted one place to the left.