Windows 10’s Wi-Fi Sense feature is not a security risk. Here’s why

30 Jul 2015 | Author: | No comments yet »

Here’s How Windows 10 Could Kill Passwords Forever.

Starting this week, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10.When Microsoft’s Windows 10 launches Wednesday, a lucky few users will be greeted at the login screen by a cartoon eyeball that appears to want to lock eyes with its owner.

Microsoft Windows 10 will have a number of improvements when it launches tomorrow, including a revamped Start menu, a speedy Microsoft Edge web browser, a built-in Cortana digital assistant and the ability to stream games from an Xbox One console to another device. It sends your encrypted Wi-Fi passwords to your contacts in an effort to avoid those “hey, what’s your Wi-Fi password?”, “err I dunno I wrote it down on a post-it two years ago”, kinda scenarios.

When Wi-Fi Sense is enabled, anyone you have in your Skype, Outlook or Hotmail contacts lists — and any of your Facebook friends — can be granted access to your Wi-Fi network as long as they’re within range. The Windows team calls this snappy new login feature “Hello.” “It’s our way of saying goodbye to passwords,” says Chaitanya Sareen, Microsoft’s principal program manager on Windows. What makes Wi-Fi Sense controversial is that it encourages you to crowdsource private Wi-Fi network passwords with your Outlook, Skype and Facebook contacts. Microsoft added this feature to save users’ time and hassle, but as independent security blogger Brian Krebs put it, some security experts see it as “a disaster waiting to happen.” Krebs and others worry about the potential for strangers or untrustworthy friends being given access to users’ home Wi-Fi networks.

Judging by Sareen’s recent demonstration to TIME, the feature is even more seamless than the iPhone’s thumb scanner — you don’t even have to lift a finger to use it. “It’s actually using different dark and light shadows on the contours of my face,” says Sareen. “If it was pitch dark it would still sign me in.” That’s because Hello works with Intel’s Real Sense 3-D camera, which bathes the user’s face in infrared light, penetrating facial hair and dim lighting conditions. While some critics are still concerned about security and privacy matters surrounding Wi-Fi Sense new feature in Windows 10, there are also some clear benefits that may outweigh the risks. Microsoft has tried to reassure them by pointing out that you have to agree to enable Wi-Fi Sense every time you join a new network, that those people to whom you grant network access can’t pass along that access to yet more people, and that the feature doesn’t share an actual password, but rather an encrypted version of it. Despite the safeguards, the issue is nonetheless dangerous for those users, and there are many of them, who agree to everything their computers ask of them. Gizmodo claims that if you upgrade to Windows 10 from a previous installation (which helpfully saves all of your old Wi-Fi network passwords), Wi-Fi Sense sharing is enabled by default for all of those networks.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. At no point will it ever lift off into the cloud, according to Sareen. “Even if a hacker got [the data], you could still not reverse engineer my face, my fingerprint or my iris.” Should those security claims stand the test of time, biometric logins could offer a more secure alternative to passwords, which are often still shockingly easy to crack. In here, you basically want to disable every option you see, as well as tell Windows 10 to forget any Wi-Fi networks you’ve signed into in the past. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next. “That sounds wise — but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key.

The most commonly used password among victims of cybertheft alternates between “password” and “123456,” according to cybersecurity firm SplashData. It rather assumes that when a friend of mine comes and visits then it is somehow way too problematical for them to ask what the Wi-Fi password is, or for me to have a guest account set up for them to use.

Most people have many contacts or Facebook friends whom they barely know — would you really trust your Wi-Fi password with your second cousin’s boyfriend, or that guy in the neighborhood who once fixed your toilet? I should point out that Wi-Fi networks which use the centralised 802.1x Wi-Fi authentication — and these are generally tech-savvy large organisations — won’t have their Wi-Fi credentials shared by this new feature. Microsoft says it’s prodding hardware manufacturers to broaden the selection of devices equipped with 3D cameras, though the price of the technology may prove prohibitively expensive to budget shoppers.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID”) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”). For example, a network called “WiFiSenseUgh_optout” wouldn’t be stored by Wi-Fi Sense, while one that’s just called “WiFiSenseUgh” would be usable with Microsoft’s sharing feature. Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. Yeah, it’s a pain, but if you don’t add “_optout” to your network and want to stay out of Microsoft’s Wi-Fi Sense database, you’ll need to manually enter your password on your friends’ devices when they pop by your house and make sure to uncheck Windows 10’s “Share network with my contacts” box when you do so.

The encrypted file is sent over a secure connection to your friend’s Wi-Fi Sense enabled device if he or she is in range of the Wi-Fi network, according to Microsoft’s FAQ about Wi-Fi Sense for Windows Phone. You can also opt your network out of Wi-Fi Sense entirely by adding the phrase “_optout” to the end of your Wi-Fi network’s name. “If you choose to, you can later explicitly share those networks if you have the password”. Personally, we’re going to ask that people never enable Wi-Fi Share if they bring a Windows 10 laptop or tablet — or a handset running Windows Phone 8, which also has the feature — into our house. Other than this issue, we’re not seeing many complaints about Windows 10, beyond the predictable mixed results reported by people rushing to download new software on the first day of availability.

Go to Settings, select “Network & Internet” and then click on “Wi-Fi.” Select “Manage Wi-Fi Settings,” scroll to the Wi-Fi Sense section, and turn off each and every feature. For every network you join, you’ll be asked if you want to share it with your friends/social networks.” To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and say yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. There’s another way to avoid this: Buy a wireless router that allows the creation of a guest network that has Internet access, but no access to other devices on the network.

Here you can write a commentary on the recording "Windows 10’s Wi-Fi Sense feature is not a security risk. Here’s why".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site