Windows 10 Wi-Fi Sense Raises Security Concerns - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Windows 10 Wi-Fi Sense Raises Security Concerns
Threaded  |  Newest First  |  Oldest First
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/30/2015 | 11:14:33 PM
Mechanics
So from what I understand from this post, if you're part of my network (Outlook, Facebook etc) and if you come to a place with WiFi where I have access to WiFi, I can share the network with you and you can connect to it without knowing the key. I think that does sound a bit useful to me. However, I wonder how the mechnics work. Does it make the router give access to the new device? Or, does your own device become a hotspot and share the network?
progman2000
50%
50%
progman2000,
User Rank: Ninja
7/31/2015 | 8:52:20 AM
Re: Mechanics
I don't know, but this sounds like dangerously over-social engineering something to me...
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/31/2015 | 6:16:37 PM
Re: Mechanics
"I don't know, but this sounds like dangerously over-social engineering something to me.."

@progman2000: It does't seem dangerous on the surface but it does have the potential to be exploited and be used as social engineering as you mentioned. However, it depends on how secure the system has been made and what is the underlying process like. I do trust Microsoft when it comes to security.
Kelly22
50%
50%
Kelly22,
User Rank: Strategist
7/31/2015 | 12:25:26 PM
Re: Mechanics
When you choose to share access to a network, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server. From there, it's sent over an HTTPS connection to your contacts' PC or phone (if they're also on WiFi sense). Your device doesn't become a hotspot; your contact is using your password to log in to the network - they just don't know what it is.

 
tzubair
50%
50%
tzubair,
User Rank: Ninja
7/31/2015 | 6:26:02 PM
Re: Mechanics
"From there, it's sent over an HTTPS connection to your contacts' PC or phone (if they're also on WiFi sense)."

@Kellly: Thank you for explaining the underlying architecture. If that's the level of security that has been built in, then it does seem quite secure. It seems like an efficient way to handle the case where the Wifi key changes and everyone has to update it. As long as they are added to your network, they'd not need to update the key on their ends. Further, if you want to prevent someone from using the Wifi, you can simply remove them from your network
Whoopty
100%
0%
Whoopty,
User Rank: Ninja
7/31/2015 | 7:45:59 AM
Time saver
As much as I don't like that this is linked with Facebook and Outlook (I email people and have "friends" that I wouldn't invite to my house) I do like the idea of not having to give out my WiFi password every time someone I'm close to comes round. 

It's a nice idea, but needs some tweaks I think as there's too much potential for network infiltration with something like this. 
Kelly22
50%
50%
Kelly22,
User Rank: Strategist
7/31/2015 | 12:29:29 PM
Re: Time saver
It's definitely a timesaver and I think for most people, it's a handy tool. My concern would be for people handling sensitive info. One example: employees working from home, especially those with households of people who could share the WiFi password if they know it. In that case it might be smart to block your personal network.

One tweak I'd like to see is the ability to allow individual machines instead of entire social networks. I don't like the idea of sharing my password with my entire Facebook contact list..
GAProgrammer
50%
50%
GAProgrammer,
User Rank: Ninja
7/31/2015 | 11:27:04 AM
A bit paranoid here....
Sure, you can share your WiFi info to Grandma, but how many of her friends are actually going to come within range of your WiFi signal? Can your info be distributed? Sure. However, the physical limitations are going to make this useless to most people with bad intentions. They have to KNOW where you are to get on your network. So what if my WiFi password is sent to 450 people across 6 states? Only about 5 of them will ever actually be close enough to make use of the info.

I am all for being cautious about things, but let's not go overboard with the paranoia here.
batye
50%
50%
batye,
User Rank: Ninja
8/3/2015 | 1:36:12 PM
good info
@Kellly -thank you, good points and wealth of good security info... - thanks
Shouldbeu2
50%
50%
Shouldbeu2,
User Rank: Apprentice
8/14/2015 | 11:01:04 AM
Neighborhood wifi?
Given most of your neighbors are fb friends, how would you stop them from hogging your bandwidth? (hmm. Netflix\amazon prime works better on Bob's network since he is paying for fiber..)

I don't let all my FB or other contacts just walk in my house at any time; why would I just let them just use my network at any time?

Since you are responsible for what occurs on\through your network (hacking, illegal sites, etc) doesn't this increase your liability?

What about internal hosted websites (like for security cameras) - would they have access to those?

I don't think I should have to explicitly 'opt out' either; it should be an opt in.


The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Slideshows
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Commentary
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
News
What Comes Next for AWS with Jassy to Become Amazon CEO
Joao-Pierre S. Ruth, Senior Writer,  2/4/2021
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll