Monday 6 July 2015

Microsoft's WiFi Sense Poses Manageable Security Risks

NEWS ANALYSIS: The Windows 10 WiFi password sharing feature poses a potential risk, but it's manageable if you have implemented real wireless security.

The expressions of alarm are all over the place. Suddenly people have discovered something called "WiFi Sense" that Microsoft is including in Windows 10 when it's released at the end of July.
Once the new version of Windows is released, this feature of Windows will have an impact on your wireless network security. So you will need to plan on how to handle it before it launches.
Microsoft's WiFi Sense is a means of sharing connection information between users. The original idea was to make connections between wireless hotspots quick and easy so that you don't have to fumble around with your wireless device every time you find yourself near a new source of WiFi.
To make this happen, Microsoft learns the log-in characteristics of WiFi access points, and it saves them. In addition, WiFi Sense can share those characteristics with your other Windows devices and, if you wish, your friends and contacts. The information it shares includes the WiFi password, which effectively opens up private WiFi to public use.
Before you hit the panic button, a little context and some background might be helpful. WiFi Sense isn't new. This feature was part of Windows Phone 8.1, but you likely never heard of it because almost nobody used that version of Windows Phone. The carriers that sold Windows phones mostly didn't upgrade them, so the proportion of phones with that feature was vanishingly small.
WiFi Sense also isn't unique in its capability to share wireless log-in information. Analyst Craig Mathias of Farpoint Group pointed out to me that Passpoint from the WiFi Alliance performs a similar task of sharing log-in information and automating the process of using access points. Passpoint is also not new.
What is new is that WiFi Sense will now be a standard part of the mainstream version of Windows, which unlike the previous edition is expected to be widely adopted. This means that there will be millions of users who have the ability to share their WiFi log-in information with all of their social media and address book contacts, likely without actually being aware that they're doing so. It's the lack of awareness that provides part of the risk.
The reason for the risk is that WiFi Sense also automatically accepts any terms and conditions presented by the WiFi access point. Normally this isn't a problem, since what you're agreeing to is that you won't do anything illegal. But suppose a WiFi site includes terms that say the site has the right to download your personal data? Sometimes it's a good idea to actually read all that legal boilerplate.

No comments:

Post a Comment