SoylentNews is people
SoylentNews
from the we-are-really-security-conscious dept.
According to The Register Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.
WIFI Sense has been lurking on Windows Phones since version 8.1.
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.
Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:
Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.
Where are the lawyers when you need them?
Original Submission
(Score: 3, Insightful) by Leebert on Wednesday July 01 2015, @02:52PM
So, Microsoft accessed a computer without authorization by implementing this feature? Sorry, I don't see that flying.
(Score: 2, Interesting) by RedGreen on Wednesday July 01 2015, @03:57PM
"So, Microsoft accessed a computer without authorization by implementing this feature? Sorry, I don't see that flying."
There are none so blind as those who will not see. - John Heywood (1546) still applies nearly five centuries later...
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 2) by Leebert on Wednesday July 01 2015, @06:58PM
I'm trying to understand how one could legitimately claim that Microsoft committed a crime by including this feature. For one thing, Microsoft did not access anything. They provided you software that has a feature that shares data you provide it in a way that is by all superficial appearances insecure and is certainly not expected software behavior by most people. No argument there. But I'm having a hard time seeing a CRIME.
Suppose I developed an app that controlled garage doors, and that app automatically allowed anyone in your contact list to open your garage door. Did I as the app author commit trespass or breaking and entering or other such crime? Nope. They might have done something stupid, maybe even dickish. But not criminal. At least, not as far as I can tell. Especially since consent is probably buried in a license agreement somewhere. Hence my original question: What law are they violating by doing this? Because I can't see it being the Computer Fraud and Abuse Act.
Maybe I'm wrong, but please convince me with actual facts and not a cutesy quote.
(Score: 1, Informative) by Anonymous Coward on Wednesday July 01 2015, @07:29PM
I'm trying to understand how one could legitimately claim that Microsoft committed a crime by including this feature.
It's not including the feature that's the violation; it's providing your WiFi key to someone without your authorization that will be the violation.
(Score: 2) by RedGreen on Wednesday July 01 2015, @07:37PM
As the AC points out providing your wifi key to world + dog is if you or I do it the crime, MS on the other hand with the litany of crimes they have committed and bought their way out of in the past probably will get nothing but at most slap on wrist for doing it.
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 2) by frojack on Wednesday July 01 2015, @08:56PM
Nevermind PROVIDING....
What about just TAKING your WIFI Password?
Even if they have no intent to use it (they are after all several thousand miles away from most users), mere possession might constitute a crime.
Note: the federal statute quoted up-thread may not apply unless the computer was a "protected computer", and when you study the statute deeply enough to find out what constitutes a "protected computer" it usually has to be a federal computer, or banking system computer, etc.
No, you are mistaken. I've always had this sig.
(Score: 2) by DECbot on Wednesday July 01 2015, @04:15PM
Bob visits Alice's house. Since Bob is in Alice's contacts and Bob and Alice both use Microsoft products, Bob now has access to Alice's WiFi--whether she explicitly shared it to him or not (remember, it's opt-out, not opt-in). Martin is Bob's bar friend, and so he is in Bob's contacts to coordinate drinking nights. Unknown to Bob, Martin does questionable things with the internet. Since Alice's WiFi password is in Bob's computer and Martin is in Bob's contacts, Alice's WiFi password gets shared to Martin. Now Martin uses Alice's WiFi to attract the Fed's attention and Alice get a unwelcome notice from the Fed.
cats~$ sudo chown -R us /home/base
(Score: 3, Interesting) by frojack on Wednesday July 01 2015, @05:22PM
And you totally missed the part of the bar buddy living one floor up from Alice, and therefore having free wifi for life at Alice's expense, and access to her shared music and video collection on her NAS box Public folder. And bar buddy doesn't even have to know Alice/
This is totally different than Comcast's sharing part of your wifi using a separate Vlan to any other Comcast customer, because theoretically all it takes is a tiny bit of extra electricity, and exposes none of your data. (allegedly).
Microsoft's plan just plops you on to other people's WIFI subnet, where you can run up anyone's bill downloading porn, shooting out spam, or hacking the WIFI owner's other computers from the next apartment.
No, you are mistaken. I've always had this sig.
(Score: 2) by Leebert on Wednesday July 01 2015, @07:05PM
Is the transitive relationship unlimited? I don't know how it works, but if I were implementing something like this, I'd limit the sharing to one degree of separation from the person who actually entered the key. Otherwise, Kevin Bacon would have all of our Wifi pre-shared keys by the end of the week.