Windows Phones Devices Has Weak Crypto, Reveals Passwords Easily To Hackers

So, you think that you have got a pretty clever password that hackers would find it difficult to crack? Perhaps you might be right, but make sure that your strong password is not betrayed by “incompetent” hardware. Microsoft has just issued a warning to IT departments to ensure that their Wi-Fi networks are well secured, right after it was discovered that a security vulnerability in Windows Phones itself will leak out users’ passwords.

In other words, anyone with a malicious intent are able to set up rogue hotspots that will eventually grab from devices employees’ encrypted domain credentials, which are essential information which is required to authenticate with corporate systems and access network resources. Unfortunately, the algorithm that encrypts this sensitive data remains cryptographically weak, which enables hackers to recover the login details in a jiffy, and posing as a staff instead.

Microsoft will not issue a security update in order to fix the vulnerability, though, but rather, they have asked IT managers to distribute a special root certificate for Windows Phone 8 and 7.8 devices which happen to access their networks. This particular certificate would enable the handsets to perform a confirmation that whatever corporate Wi-Fi access points that they are hooked to are genuine, before any sensitive data is transferred. This sounds like more of a stop-gap measure, don’t you think so?

Edwin Kee
Categories: Cellphones
Tags: Microsoft, Security, Windows Phone