ComRȁde PyRate

Tuesday, 4 August 2015

Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know


Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know
Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10.

Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password.

Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away.

Even some researchers advised Windows 10 users to rename their Wi-Fi access points.

Before discussing the risks of Wi-Fi Sense, let's first know how it works.

How Windows 10 Wi-Fi Sense works?


Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to networks that your friends and acquaintances have connected to in past, even if you don't know the password.

Now, when those friends are within the range of your Wi-Fi network, Windows 10 automatically joins the network with that saved password you just shared with your friends and logs them in, without prompting them for a password.

Enabled by Default, but It's not the actual Security Threat, Here's Why:


Wi-Fi Sense feature is enabled by default in Windows 10 to make it easier for users to receive instant access to the Shared Networks by their Friends or Contacts.

But, But, But… did you notice that the feature says "For networks I select..."?

"Enabled by default" doesn't mean your Wi-Fi passwords are automatically going to be shared with your Facebook or Skype contacts by default, unless you won’t manually configure your Wi-Fi Sense settings to share selected network access with any contact group.

Under "For networks I select..." option, you can explicitly control which group of contacts from which social networks get access to which Wi-Fi Network.

Until or unless you do not offer your Wi-Fi password to Wi-Fi Sense, it will not let selected contact group to connect to your network.

This means Wi-Fi password sharing option is OFF for every social network by default.

And of course even if you choose to share your Wi-Fi network with your contacts, Wi-Fi Sense only shares Internet access and not your actual Wi-Fi password.

Why You Should be Scared of Wi-Fi Sense (Actual Security Threat)


Microsoft promoted Wi-Fi sense as:

In simple words, now you don't need to read out loud your Wi-Fi password, character by character when your friends are at your home and want to use The Internet. So similarly, you don’t need to shout across the office or your friend’s house "What’s the Wi-Fi password?"

However:

"If you choose to share with your Facebook friends, any of your Facebook friends who are using Wi-Fi Sense on a Windows Phone will be able to connect to the network you shared when it's in range, You can't pick and choose individual contacts." -- Microsoft FAQ says.

As a general Internet user, I used to accept almost every friend request on the Facebook and also communicate with lots of people on Skype or Outlook. In short, the majority of people in my contact list are whom I don't know personally or trust.

So, If I can't choose any individual contact from my list, then enabling "Network password sharing feature" will share my network access with all my contacts in the selected social network.

Microsoft also Argued:

Neither it allows anyone to access your local resources so that nobody can hunt through your personal files.

However, We know that...

The biggest threat of sharing your Wi-Fi access with everyone on a list is just like you are allowing hackers to position themselves between you and the connection point i.e. Man-in-the-Middle attack.

In such attack scenarios, the hacker can access every piece of information you're sending out on the Internet, including important emails, account passwords or credit card information.

Sitting on the same network, an attacker can also target your machine directly using Metasploit or any other hacking tool.

Ultimately, Windows 10 Wi-Fi Sense probably is not the most secure feature in the world, but it is not that bad either, if in future, Microsoft could allow Windows 10 users to choose individual contacts from a group.

For Now… Should You Stop Using It?


Like many things in life, we have to make a choice between things that make our life comfortable and that provide us absolute security.

AND, if you are concerned more about security, just turn Wi-Fi Sense OFF.

How to Turn Windows 10 Wi-Fi Sense OFF?


To disable Wi-Fi Sense, go to Windows Settings, then Network & Internet and then click "Change Wi-Fi settings," and then "Manage Wi-Fi settings."

From there, you can change a variety of settings. Turn OFF everything under the Wi-Fi Sense heading; disable WI-Fi password sharing with Facebook, Outlook, or Skype; and have Wi-Fi Sense forget the list of known Wi-Fi networks.

No comments:

Post a Comment