*facepalm*

theregister.co.uk wrote:

A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares Wi-Fi passwords with the user's contacts.
Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.
Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it. How successful that will be isn't yet known.
"For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared," the Wi-Fi Sense FAQ states.
Microsoft also adds that Wi-Fi Sense will only provide internet access, and block connections to other things on the wireless LAN: "When you share network access, your contacts get internet access only. For example, if you share your home Wi-Fi network, your contacts won't have access to other computers, devices, or files stored on your home network."
That sounds wise – but we're not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1. If you type the password into your Lumia, you won’t then need to type it into your laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks is shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
Yes, wireless passwords can be written down and trivially passed along to others: we know network security shouldn't end at the Wi-Fi login prompt. But there's nothing like an OS automating the practice of blabbing passphrases to your mates, eh? ®
And people wonder why my skepticism of MS's very eager Windows 10 push is warranted.
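An added example (not from the article, the forum post, or Microsoft) of the SSID rename the article describes, checked against the IEEE 802.11 limit of 32 octets per SSID: `_nomap` is Google's location-service opt-out and has to end the name, while `_optout` is tested as a substring because the article only says to "add" it to the SSID. Everything else (function names, the refusal to truncate) is my own choice.

```python
# Added example: validate and build an SSID that opts out of both Wi-Fi Sense
# (_optout, per the article) and Google's location service (_nomap), without
# overrunning the 802.11 SSID length limit.

WIFI_SENSE_OPTOUT = "_optout"   # Microsoft Wi-Fi Sense opt-out marker (from the article)
GOOGLE_NOMAP = "_nomap"         # Google opt-out suffix; must be the end of the SSID
SSID_MAX_OCTETS = 32            # IEEE 802.11: an SSID is at most 32 octets


def ssid_octets(ssid: str) -> int:
    """Length of the SSID as it goes over the air: UTF-8 bytes, not characters."""
    return len(ssid.encode("utf-8"))


def optout_status(ssid: str) -> dict:
    """Report which opt-outs an SSID carries and whether it is legal on the air."""
    return {
        "wifi_sense_optout": WIFI_SENSE_OPTOUT in ssid,
        "google_nomap": ssid.endswith(GOOGLE_NOMAP),
        "fits_802_11": 0 < ssid_octets(ssid) <= SSID_MAX_OCTETS,
    }


def build_optout_ssid(base: str) -> str:
    """Append both markers to a base name, refusing results longer than 32 octets.

    The combined suffix is 13 bytes, leaving 19 octets for the base name. A name
    that does not fit is rejected rather than truncated: an access point or
    driver that silently clips the SSID would quietly drop the opt-out itself.
    """
    candidate = f"{base}{WIFI_SENSE_OPTOUT}{GOOGLE_NOMAP}"
    if ssid_octets(candidate) > SSID_MAX_OCTETS:
        room = SSID_MAX_OCTETS - len(WIFI_SENSE_OPTOUT + GOOGLE_NOMAP)
        raise ValueError(
            f"{candidate!r} is {ssid_octets(candidate)} octets; "
            f"shorten the base name to at most {room} octets"
        )
    return candidate


if __name__ == "__main__":
    # The article's own example: myhouse -> myhouse_optout_nomap
    print(build_optout_ssid("myhouse"), optout_status(build_optout_ssid("myhouse")))
```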