Stories
Slash Boxes
Comments

SoylentNews is people

Windows 10 to Share WiFi Key With Contacts

posted by cmn32480 on Wednesday July 01 2015, @09:19AM   Printer-friendly
from the we-are-really-security-conscious dept.

frojack writes:

According to The Register Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.

WIFI Sense has been lurking on Windows Phones since version 8.1.

A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.

With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.

Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.

Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:

Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.

Where are the lawyers when you need them?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Windows 10 to Share WiFi Key With Contacts | Log In/Create an Account | Top | 44 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by bootsy on Wednesday July 01 2015, @11:56AM

    by bootsy (3440) on Wednesday July 01 2015, @11:56AM (#203716)

    Very sound advice.

    Does anyone know how MS plan on doing the automated upgrades from 8.1 as, depending on how it is done, you could suddenly find yourself running Win 10 and connecting to your Wi-Fi network without much say in the matter?

    One side of MS must have some clue about security as Windows Authentication is basically Kereberos and LDAP and it works really well but then you get stupid things like this article and the fact you cannot have a read only RDP login to a server running Windows. Unlike Unix you cannot login to check a server without having the ability to wreck it.

    Given MS's biggest Market is corporate IT on desktops and servers, it still bases its designs around the rapidly dying home desktop market. I am frequently amazed at how bad Windows is in a coporate setup and the workarounds that have to be done to get it secure. I am told from colleagues who have visited Redmond that they use very different machines to test that Windows will work on many configurations and types of hardware but in a big Corporate most people will have the same hardware installed from a fixed image.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3