Those access points can stealthily connect to a handset, noted Gavin Reid, director of threat research for Cisco Security Intelligence Operations. "A phone that's been set up to automatically connect to wireless networks will make that connection without you knowing it," he said in an interview.
Microsoft declined to comment in detail. "We are aware of this industry-wide issue, and after coordinating with the researchers and a thorough investigation, released mitigation guidance in Security Advisory 2876146 to help protect customers," the company said in an emailed statement.
It appears that the vulnerability can only be exploited in devices running Microsoft software. "Anyone who uses the vulnerable protocol would be susceptible to its problems," Tenable CEO Ron Gula said in an interview, "but I don't think there are other mobile platforms that can be targeted like this."
But other platforms may not be safe down the road.
"I wouldn't be surprised that over the next year or two years, you'll find another mobile platform with these types of issues," he said.
Sign up for CIO Asia eNewsletters.