With the launch of Windows 10, anyone who walks into your house and gets
your Wi-Fi password for their PC could potentially let all their
friends onto your network, thanks to a new feature that has ignited
controversy online.
A compact list of the 56 large, 18 midsize and 26 small organizations that ranked as Computerworld's
Called Wi-Fi Sense, the feature is designed to make it easier for people
to get Internet access for their devices while they're on the go by
automatically logging them into wireless hotspots. It does so with a
two-pronged approach: by logging users into select open networks and
also by allowing them to share secured connections with their friends
(and vice versa). Perhaps unsurprisingly, that has drawn the ire of
people who care about wireless security.
If someone with a Windows 10 device logs on to a new network, they can
check a box to share that access with their contacts, who could include
their Facebook friends, Outlook.com contacts and people on their Skype
contact list. This isn't exactly a new feature -- Microsoft introduced it with Windows Phone 8.1 last year, but it didn't make much of a splash at the time because not that many people use Windows Phone.
Craig Mathias, a principal at the Farpoint Group who specializes in
wireless technology, said in an email that the feature was "a cheap
hack." He went on to say that the Wi-Fi Alliance's Passpoint technology,
which makes it possible for some devices to connect securely to
wireless networks without going through a login process, is "more
important."
"And no one should ever leave Wi-Fi access wide open," he said.
Blair Hanley Frank
To hear Microsoft pitch Wi-Fi Sense, it's a security feature, not a
flaw. Using the new technology, people can let their friends access
their home network without having to provide them with the password,
which cuts down on those annoying conversations that take place when
someone is trying to get Internet access. What's more, contacts who are
able to log into a network only using Wi-Fi Sense don't actually see the
password.
According to a FAQ about the feature,
a user who shares network access sends the password through an
encrypted connection to a Microsoft server, where it's stored in an
encrypted form before being handed off securely to any of their friends
who needs it based on location data from their device. Microsoft says
that someone who gets access through Wi-Fi Sense will have access only
to the Internet and won't be able to get to any other computers or
devices on the network.
Of course, all that relies on the feature working as intended. While
it's not clear exactly how Microsoft is storing passwords on a client
device, it's possible that someone sufficiently motivated would be able
to find and extract the wireless password for a network they get access
to thanks to their friends. An attacker could also friend people on
Facebook in order to get access to networks using Wi-Fi Sense. All of
this relies on the Microsoft database storing wireless network
information remaining secure.
Wi-Fi Sense doesn't work with networks secured using 802.1X, which is
often used by enterprises to keep their networks on lockdown, so that
should give some comfort to corporate network administrators.
Ultimately, people who want to make sure that their Wi-Fi network is unavailable to Wi-Fi Sense users can rename it
to include "_optout" at the end of the SSID. For example, a network
called "foobar_optout" would be ineligible for sharing through Wi-Fi
Sense, while one that's just called "foobar" would be usable with
Microsoft's sharing feature.
If you don't want to change your network's name, Microsoft suggests that
you manually enter the network's password for your guests and make sure
the checkbox to share the network is turned off.
Blair Hanley Frank
Post A Comment:
0 comments so far,add yours