Wireless networks have become an essential component of virtually every enterprise. The security technology for these networks (WPA2 Enterprise) has been designed for a world that is very different from today’s world. Basic assumptions for secure deployment of the technology are now violated systematically. As a result, Wi-Fi enabled personal devices are typically at risk of leaking single sign-on enterprise credentials everywhere and without any need of explicit action from their owners. It is necessary to emphasize this pervasive yet largely underestimated risk.
