One of the more controversial features of Microsoft's new Windows 10 operating system, which began its official phased rollout yesterday, is the inclusion of Wi-Fi Sense. Previously an obscure feature of Windows Phone, it shares Wi-Fi passwords, in encrypted form, with your Outlook.com, Skype and Facebook contacts. Connecting to networks that your contacts have shared is switched on by default; sharing a network of your own is a box you tick when you enter its password, which also means that any guest you give the password to can share your network with their contacts unless you opt out.
Opting out is, according to a number of security commentators, a task that only the more knowledgeable and confident Windows user is likely to undertake – and in the era of BYOD, not one that most users will actively seek out. For a network owner, opting out means renaming the network so that its SSID ends in “_optout”, the suffix Microsoft honours as a do-not-share marker; on the client, it means switching the feature off in Settings or by policy.
The credentials will be stored encrypted on Microsoft's servers, which the tech giant assures us ensures they are never accessed without authorisation. Encryption in transit and at rest limits exposure to Microsoft and to the recipient's device, but that device must still hold the key in usable form to join the network, so the real trust boundary is every contact's endpoint rather than Microsoft's storage.
Doomsayers are already predicting the worst. “Let's start a counter; how many days will pass before somebody finds a way to abuse Windows Wi-Fi Sense …”, Tomi Tuominen (@tomituominen) said on Twitter on 30 July 2015.
According to Microsoft, Wi-Fi Sense on Windows Phone was designed to reduce the amount of mobile data you used while out and about by letting your phone connect seamlessly to known Wi-Fi hotspots. Sharing your login credentials with your friends let the phone effectively crowdsource additional points of access.
As it now stands, Wi-Fi Sense not only lets everyone in a contact list onto the shared Wi-Fi network, it also connects automatically to crowdsourced open hotspots, so it presents the further risk that you could be enticed onto an untrustworthy access point. “It could leave networks more open to abuse – or users connecting to rogue hotspots set up to grab personal information or deliver malware,” said Gavin Millard, technical director of Tenable Network Security.
For many security experts, the answer to the risks associated with Wi-Fi Sense is simply to disable it.
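For administrators who take that advice, the following PowerShell is an added example (not code from the article or from Microsoft) that reports whether Wi-Fi Sense is disabled machine-wide, disables it, and lists the saved wireless profiles whose SSID lacks the “_optout” suffix and could therefore still be shared by a contact who knows the password. It assumes the registry value `AutoConnectAllowedOEM` under `HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config`, which Microsoft documented as the OEM/administrator switch, and that `netsh wlan show profiles` prints its profile lines in English; both should be verified against current Microsoft documentation and the machine's locale before use.

```powershell
# Added example: audit and disable Wi-Fi Sense on Windows 10.
# Run from an elevated PowerShell prompt.
#
# Assumptions (verify against current Microsoft documentation):
#  - AutoConnectAllowedOEM = 0 under the key below disables automatic connection
#    to contact-shared networks and suggested open hotspots machine-wide.
#  - An SSID ending in "_optout" is the opt-out marker Microsoft honours.
#  - netsh output is in English ("All User Profile : <name>").

$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
$ValueName = 'AutoConnectAllowedOEM'

function Get-WiFiSenseState {
    # Returns 'Disabled', 'Enabled' or 'NotConfigured'.
    # An absent value means the feature is left at its default, which is on.
    $item = Get-ItemProperty -Path $ConfigKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-WiFiSense {
    # Creates the key if needed and forces the DWORD to 0.
    if (-not (Test-Path $ConfigKey)) {
        New-Item -Path $ConfigKey -Force | Out-Null
    }
    New-ItemProperty -Path $ConfigKey -Name $ValueName -PropertyType DWord `
        -Value 0 -Force | Out-Null
}

function Get-ShareableProfiles {
    # Saved WLAN profiles whose SSID does not carry the _optout suffix.
    # These are the networks a contact could still share via Wi-Fi Sense
    # from their own device if they know the password.
    $lines = netsh wlan show profiles
    $names = foreach ($line in $lines) {
        if ($line -match '^\s*(All User|Current User) Profile\s*:\s*(.+?)\s*$') {
            $Matches[2]
        }
    }
    $names | Where-Object { $_ -notlike '*_optout' }
}

# Usage: report, disable, re-check, then list networks still worth renaming.
"Wi-Fi Sense before: $(Get-WiFiSenseState)"
Disable-WiFiSense
"Wi-Fi Sense after:  $(Get-WiFiSenseState)"
"Saved profiles without _optout suffix:"
Get-ShareableProfiles | ForEach-Object { "  $_" }
```

The registry value only governs this machine; it does nothing for a contact's laptop that already holds your password, which is why the profile list matters: the only owner-side control is the SSID suffix. In a domain the same setting can be pushed as Group Policy under Computer Configuration > Administrative Templates > Network > WLAN Service > WLAN Settings, where the policy that disables automatic connection to suggested open hotspots and contact-shared networks lives.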
Jason Fossen, a SANS Institute instructor who wrote and has taught a six-day course on Windows security for 15 years, takes a dim view of this latest innovation. Asked about Wi-Fi Sense, he told SCMagazineUK.com, “I haven't tested it, don't intend to use it, and I think most organisations will disable it.”
Shane Buckley, CEO of Xirrus, agreed with Fossen. “This is a massive security issue and a potential deal-breaker for IT departments. Enabling Wi-Fi access to a user's contact book is a major security flaw,” he said. “Many of us keep the contact information of our competitors, former employees and customers in our books. These, among many other constituents, should not have automatic access to our Wi-Fi networks.”
He predicted it will stall the rollout of Windows 10 in corporate environments. “Companies should seek clarification on the operation and control of the feature from MS before rolling out the operating system,” he said. “Xirrus suggests companies use 802.1X authentication for corporate access and EasyPass onboarding for BYOD access.”
He added: “Wi-Fi is rapidly becoming the de facto access layer for the Internet. Customers generally dislike using captive portal systems as a method of authenticated access to networks. Wi-Fi vendors like Xirrus need to eliminate the captive portal and essentially onboard the network onto the device and not the other way around. Doing this negates the need to share security keys for sensitive network access.”
Amichai Shulman, CTO of Imperva, said: “[Wi-Fi Sense] is yet another indicator of how fragile our definition of perimeter is, and as a consequence the need for enterprises to invest in security solutions around the data resources rather than around ‘perimeter’.”
And Mark James, security specialist at ESET, said the integrity of Wi-Fi Sense remains to be tested. “The idea behind this is great for family and friends but not so great for most business environments,” he said. “That said though, it's no less secure than having the Wi-Fi password printed and stuck to the office wall. As with most ‘ease-of-use’ options you need to apply it to your situation and see if it's a viable option.”