Wi-Fi Protocol Vulnerability Exposes WP 7 And 8 User's Personal Data
If you reading our blog from time to me, you've probably noticed that we think that smartphones are the greatest threat to our privacy, and that is the main reason why we try to highlight privacy and security problems with those portable devices. The main reason why they are so dangerous is people. Users tend to share too many sensitive data with that device and run mobile banking apps that's why hackers try to attack smartphones, hunting for your personal information.
You should know that there is no absolutely safe smartphone. All of those modern gadgets have their own specific vulnerabilities. Some of them exploit vulnerable spots of mobile OS, some of use gaps in security protocols. But the fact still remains. Most of vulnerabilities – are the fault of the user.
A situation with malicious applications for the most popular mobile operational systems proves that fact. As you probably know – in order to install an app on your Android smartphone you will have to approve all the permissions that app needs to work properly. And most of the users never read those, that's how malware gets to Android, they will approve anything to make the app install faster and at that point they miss the fact that app has asked for sending premium SMS to short phone numbers.
The situation with iOS is pretty same. Apple Store has really strict moderation rules and all the apps must be tested and approved before they get to the store itself. The easiest way for malware to get into your iPhone or iPad is through the third-party repositories. That's why we can say that users install viruses themselves.
But while the most dangerous vulnerabilities of iOS and Android are well known, Windows Phone OS's security gaps were rather rare to meet in the press and on the Internet. But there is one. Microsoft security advisory has found that Windows Phones have vulnerabilities in PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2) protocol, which is used in authorization process in WPA2 based wireless networks.
When the smartphone tries to verify a hotspot evildoers are able to intrcept the authorization data and then use it to gain control over the device. Wi-Fi is vulnerable as it is, but in combination with that smartphone bug it may be used to steal personal data of the user, and sometimes access mobile banking information.
Microsoft still has no data about the possible damage from that bug and they have no updates and patches for it. Instead of fixing the problem Microsoft has released a step-by-step guide how to configure your device to avoid that bug.
But there is no guarantee that it will work. In order to make sure that your personal data is safe – it will be better to avoid public hotspots and use a Wi-Fi signal blocker. In that case that bug won't simply work. You have to remember that your personal data is really valuable, many big companies have huge profits form selling them, that's why you have to protect them.