Posted on 06/30/2015 7:07:24 PM PDT by dayglored
A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them.
That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be tamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.
Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it...
In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.
The feature has been on Windows Phones since version 8.1... Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
(Excerpt) Read more at theregister.co.uk ...
Yeah, that was pretty much my reaction too.
That’s got to be one of the most retarded ideas I’ve ever heard. Thanks, Microshaft!
Probably. But IMHO, the author disqualified them from consideration with the phrase "corporate network".
free for the taking
I'm with Billthedrill -- I don't think this feature will remain for long. Too much potential for abuse and compromise.
The NSA needs access as do the police.
My biggest question ... if what you say comes to pass, why was it included in the first place. Microsoft supposedly has a market on brainpower, who thought this was a great idea?
This is wrong and stupid. Microsoft should work on something useful. Like making free phone calls with a free google voice number and an obi100 http://www.amazon.com/OBi100-Telephone-Adapter-Service-Bridge/dp/B004LO098O
“sharing” your wifi password is....
As useful as tits on a boar hog....
As useful as metro “tiles” on a windows 8 desktop.......
As useful as a crappy Apple watch.....
Is the bear Catholic?
Does the Pope shiite in the woods?
My personal observation/opinion:
Microsoft has many incredibly bright engineering people. They have a few very good managers. They have almost no decent marketing people.
It has to have been a Microsoft Marketing-driven decision to include this "feature" from Windows Phone in a computer operating system. It's a lead balloon. They're famous for bone-headed things like this. Hate to say it, but they couldn't market their way out of a paper bag with both hands and a pocket knife.
Yep. We're in total agreement.
But someone, somewhere within the Microsoft braintrust must have given thought that this was a bad idea?
It’s a feature for the millennial...
Let your friends on your WiFi at home without giving them a password in writing.
My advice, toggle off.
No worries here. My home network is set to only allow those assets whose MAC addresses I have registered.
Fixing a whole in a Windows OS installation should not require me to change my network hardware configuration.
Oh probably, but they obviously were steamrollered.
These are the same people who brought you the Zune and "squirting" (the concept/feature, though officially they disavowed that name for the wireless transfer).
I’ve been told by a pig farmer that it’s a good thing for a boar hog to have tits. It means any female pigs he sires are more likely to have “extras” allowing them to feed larger litters.
There’s a hardware component in your wireless router that’s at play here as well. If you use WPS (wireless protected setup), your router already has a mechanism whereby it synchronizes to your computer through the use of a mutually-shared code. This is very much not recommended in areas where a large number of APs are present (i.e. a college dorm or apartment complex), but it’s relatively safe for most users.
This sounds like an extension of WPS whereby a social aspect of the operating system calls out to systems in the user’s trusted list to allow them to connect to a common wifi hotspot.
I’m using Ubiquiti APs in my home and have a pretty tight lock of my network. I wouldn’t let this crap fly.
Also want to point out that this “feature” is only enabled if you allow it. There are opt-out checkboxes all over the place, and given that this is a Windows platform, if you’re using the OS in a corporate environment, group policy is going to allow you to completely shut this down anyway.
This and having weak or default passwords both have the potential for enabling unauthorized use of you WiFi. The one difference I see is that this could make it more likely that unauthorized users can be detected and identified, since they have to be registered with the service at MS and the access should be logged there.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.