With the release of Microsoft Windows 10 came a host of new features. Many long-time users now have a more familiar Start menu, virtual desktops have to come to the rescue of single monitor users, and Cortana is poised to be the virtual assistant of the future. One feature that has been getting a lot of press lately, and for the wrong reason, is a technology called Wi-Fi Sense. Wi-Fi Sense is designed to make sharing Wi-Fi passwords easier among friends you have stored in Outlook, Skype, or Facebook. But, with this increased ease of use comes some security concerns.
Other platforms such as Android and iOS do something similar, but only between a user’s personal devices. Wi-Fi Sense has taken this a step further and allows those passwords to be securely shared among friends on selected networks. In theory a friend would never have to actually know the network credentials. While this sounds like a good idea at first it makes a lot of people uneasy. It turns out that when one uses Wi-Fi Sense to share network passwords with friends of selected networks, it does so en masse to the entire social network. At this point in time you cannot granularly select which friends within those networks with which you want to share your network credentials. It is all, or nothing. That even extends as far as, if your friend has your Wi-Fi network password and they enable Wi-Fi Sense on their device, they can share your password with all of their friends on their selected networks vicariously with people you do not even know.
This technology is enabled by default in a new install of Windows 10.
Network credentials are not shared to social networks by default, only to the user’s other devices, but a lapse in security is only a checkbox away.
Microsoft claims that if Wi-Fi Sense is enabled and you allow friends on a selected social network to gain access to your network they will not be able to see other resources on your local network such as devices or file shares. Even with this reassurance many people are concerned that hackers will develop a way to break out of the network sandbox and gain unauthorized access to other resources.
Another security concern is: If a friend shares their network credentials to a user with Wi-Fi Sense, and that user is unaware, their device can automatically gain connectivity to any networks their friends are sharing without the user’s knowledge or consent. This would then introduce the ability to perform a man-in-the-middle attack on the unfamiliar network or allow the user to access the Internet through a gateway that may have a spoofed DNS server, which could allow malware to be installed unbeknownst to the user.
One way to combat this, even when other users might share your password through their Wi-Fi Sense without your knowledge or consent, is to alter your network name (SSID) to include “_optout” somewhere in the name. Some examples given are: “my_optout_network” or “MyNetworkName_optout.”
At this point in time we recommend turning off the Wi-FI Sense feature until Microsoft introduces more granular control over how network credentials are shared. It will help keep you and your network more secure.