Windows 10 has a feature called Wi-Fi Sense which will share your Wi-Fi keys with your friends and their contacts
Wi-Fi Sense, a Windows 10 feature appears like a danger to security, as it shares WiFi passwords with the user’s contacts, The Register has noted. Wi-Fi Sense is a newly introduced feature in the upcoming Windows 10 OS from Microsoft.
Wi-Fi Sense automatically connects you to nearby Wi-Fi networks, helping you save your cellular data for when you really need it and giving you more Internet connectivity options. However that means that lot of your friends and their contacts will also have your Wi-Fi keys without you knowing it.
These contacts include their Skype contacts, Outlook.com (nee Hotmail) contacts and with an opt-in, their Facebook friends. Though it saves your time to search for the Wi-Fi password in the house or office, this method of use is however not teamed up with security. For instance, if you walk close to a wireless network, and your friend is aware of the password, and you both have Wi-Fi Sense, then you can log into that network now.
Though the Wi-Fi Sense does not disclose the plaintext password to your family, friends, acquaintances, and the person who’s an Outlook.com contact, it does allow them to log in to your Wi-Fi, if they are also running Wi-Fi Sense. The password that must be stored in the center by Microsoft is reproduced on a device for it to work. Microsoft just makes an attempt to stop you looking at it. However, how successful will that be is not yet known.
“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the Wi-Fi Sense FAQ states.
In addition, Microsoft says that Wi-Fi Sense will only provide internet access and will block connections to other things on the wireless LAN: “When you share network access, your contacts get internet access only. For example, if you share your home Wi-Fi network, your contacts won’t have access to other computers, devices, or files stored on your home network.”
It may sound wise, however, in practicality how it would be enforced is the question. The computer must know the key, if it is connected to a protected Wi-Fi network. Further, if the computer has knowledge about the key, then a persistent user or hacker will be able to figure it out inside the system and use it to log into the network with full access.
Theoretically, if a person wants to enter your company network could act as a friend of an employee or two, and drive into the office car park to be in range, and then obtain entry to the corporate wireless network.
Since version 8.1, the Windows Phones have the Wi-Fi Sense feature. For example, you don’t need to type the password into your laptop, if you have typed the password into your Lumia, as you are a friend of yourself. It’s not been much of a danger until now, given the inadequately installed base of Windows Phones.
The security risk is noteworthy with every laptop running Windows 10 in the business radiating access. The second problem is that you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords by giving Wi-Fi Sense access to your Facebook contacts.
In an effort to handle the security hole it has created, Microsoft provides a workaround: you must add _optout to the SSID (the name of your network) to stop it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
By default, Microsoft enables Windows 10’s Wi-Fi Sense, and access to password-protected networks are shared with contacts till the time the user remembers to uncheck a box when they first connect. It would be a lot less useful if you choose to switch it off, but it would make for a more safer IT environment.
While the wireless passwords can be noted down and passed along to others, the network security check should not end at the Wi-Fi login prompt.
Source: The Register