Security Concerns Raised Due To Wi-Fi Sense Feature Of Windows 10

The Wi-Fi Sense is a feature on Windows 10 that facilitates internet connectivity for people on the go. It automatically logs into open wireless networks by sharing shared connections with friends. The feature raised wireless security concerns among users of the new OS since it allows users to log into open networks while sharing the secured connection to their contacts.

Whenever Windows 10 users log into a new network they can easily access their contacts by checking a box to share the network. The feature was initially introduced by Microsoft through Windows Phone 8.1 last year, but it did not make an impact in the market since a small number of people have a Windows Phone.

The feature was described by Craig Mathias of the Farpoint Group as “a cheap hack.” He highlighted through an email the importance of the Passpoint technology of the Wi-Fi Alliance, which allows users to securely connect to wireless networks without the login process. He added that Wi-Fi access should never be left open by anyone.

Security Concerns Raised Due To Wi-Fi Sense - image credit: techradar.com

Microsoft is promoting the Wi-Fi Sense as a security feature rather than a flaw. The technology allows users to give friends access to their network without giving the password. The company added that the password is not visible to users accessing a network through the feature.

The FAQ of the feature indicates that users sharing network access transmits the password into a Microsoft server through an encrypted connection. The password is stored in the server before it is given to friends who need to access network basing on the location data coming from their device. Users using Wi-Fi Sense are limited to internet access and cannot access any other devices connected to the network.

Even as it remains unclear how passwords are stored by Microsoft on a client device, any user with enough motivation may be able to extract the password through the access they were given by their friends. Attackers may also add other people on Facebook to gain access to a network using Wi-Fi Sense.

However, the feature cannot access networks using 802.1X, which is used by businesses in securing their network. In the end, renaming the network with “_optout” at the end of the SSID will allow users to make their network unavailable to other users. If users are not keen on changing the name of their network, they can manually put in the password of the network into the devices of their guests while making sure the share the network checkbox is turned off.

Posted by George Daniels on Thursday July 02 2015, 9:48 AM EDT. All trademarks acknowledged. Filed under Technology. Comments and Trackbacks closed. Follow responses: RSS 2.0