Please
click this link if you are looking for information on Windows 10.
I "stole" the following VERBATIM from a
blog post at The Register.
If you upgrade to Windows 10 and if you have a wireless home network you better turn Wi-Fi Sense in Windows 10 OFF!
Wi-Fi Sense is a feature from the world of Microsoft Mobile (cell phones) that sneakily appears in Windows 10.
Here now the article from The Register:
--------------------------
theregister.co.uk
UH OH: Windows 10 will share your Wi-Fi key with your friends' friends
30 Jun 2015 at 20:59,
Updated A Windows 10 feature,
Wi-Fi Sense, smells like a security risk: it can share access to Wi-Fi networks with the user's contacts.
 |
| Wi-Fi Sense has been on Windows Phone since 8.1 |
Those contacts include their Outlook.com (
nee
Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook
friends. There is method in the Microsoft madness – it saves having to
shout across the office or house “what’s the Wi-Fi password?” – but ease
of use has to be teamed with security. If you wander close to a
wireless network, and your friend knows the password, and you both have
Wi-Fi Sense, you can log into that network.
Wi-Fi Sense doesn’t
reveal the plaintext password to your family, friends, acquaintances,
and the chap at the takeaway who's an Outlook.com contact, but it does
allow them, if they are also running Wi-Fi Sense, to log in to your
Wi-Fi. The password must be stored centrally by Microsoft, and is copied
to a device for it to work; Microsoft just tries to stop you looking at
it. How successful that will be isn't yet known.
"For networks
you choose to share access to, the password is sent over an encrypted
connection and stored in an encrypted file on a Microsoft server, and
then sent over a secure connection to your contacts' phone if they use
Wi-Fi Sense and they're in range of the Wi-Fi network you shared," the
Wi-Fi Sense FAQ states.
Microsoft
also adds that Wi-Fi Sense will only provide internet access, and block
connections to other things on the wireless LAN: "When you share
network access, your contacts get internet access only. For example, if
you share your home Wi-Fi network, your contacts won't have access to
other computers, devices, or files stored on your home network."
That
sounds wise – but we're not convinced how it will be practically
enforced: if a computer is connected to a protected Wi-Fi network, it
must know the key. And if the computer knows the key, a determined user
or hacker will be able to find it within the system and use it to log
into the network with full access.
In theory, someone who wanted
access to your company network could befriend an employee or two, and
drive into the office car park to be in range, and then gain access to
the wireless network. Some basic protections, specifically ones that
safeguard against people sharing their passwords, should prevent this.
The
feature has been on Windows Phones since version 8.1. If you type the
password into your Lumia, you won’t then need to type it into your
laptop, because you are a friend of yourself. Given the
meagre installed base of Windows Phones it's not been much of a threat – until now.
With
every laptop running Windows 10 in the business radiating access, the
security risk is significant. A second issue is that by giving Wi-Fi
Sense access to your Facebook contacts, you are giving Microsoft a list
of your Facebook friends, as well as your wireless passwords.
In an attempt to
address the security hole it has created, Microsoft offers a kludge of a workaround: you must add
_optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to
opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say,
myhouse to
myhouse_optout_nomap. Technology is great.)
Microsoft
enables Windows 10's Wi-Fi Sense by default, and access to
password-protected networks are shared with contacts unless the user
remembers to uncheck a box when they first connect. Choosing to switch
it off may make it a lot less useful, but would make for a more secure
IT environment.
Yes, wireless passwords can be written down and
trivially passed along to others: we know network security shouldn't end
at the Wi-Fi login prompt. But there's nothing like an OS automating
the practice of blabbing passphrases to your mates, eh?
Updated to add
A
Microsoft PR rep has been in touch about the headline, pointing out
that when you share access to your network via Wi-Fi Sense, your
contacts cannot share that access to other people. We know this.
The
headline still stands because: imagine you and I are friends, and you
visit my house. I tell you the Wi-Fi password, or you read it off the
fridge. You type it into your Windows 10 device, and access to my
network is shared via Wi-Fi Sense with your Windows 10 friends. Your
friends now have access to my network, or in other words, my friend's
friends now have access to the network.
And that's not good.
--------------------------
So far for the article from The Register.
By now I have installed several versions of Windows 10 Preview and the install process has changed over time - which is to be expected in a preview for testing of a product that is in active development. The last install(s) have asked questions about sharing Wi-Fi keys and I have declined. By the way, I am planning an extensive article about the install process of Windows 10.
I have declined to share Wi-Fi keys
because I read the questions before I ACCEPT the default settings. These preselected default settings more often that not help Microsoft rather than the individual user; that at least is my experience with Microsoft software and products since I know them - and that is only since about the early 1980s.
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.
Click here for a categorized Table Of Contents.
