Sharing a Wi-Fi password in a room or office isn’t exactly a herculean task. One can write it down, for example. It can, however, certainly be made easier. And by easier, Microsoft means automagical. That’s why it invented Wi-Fi Sense as a way to easily share Wi-Fi credentials with friends so that they can easily connect to the same network you’re on. Sounds convenient? Probably, but considering the way things are going right now, it might also be a security nightmare waiting to happen.
Wi-Fi Sense is really simple to use, which is what Microsoft is trying to sell in the first place. A user already on the network need only turn it on and then share it with his or her contacts and any of those contacts who are within network range and also have Wi-Fi Sense turned on can hop onto the network.
The key issue that The Register is raising is how ultimately insecure Wi-Fi Sense really is, despite the advertised security. Wi-Fi Sense only allows contacts to get Internet access through it but it doesn’t allow them access to other services of the network, like accessing other computers or files. It also promises that the credentials are encrypted when being passed to other devices. This is where things can get murky, according to The Register.
First, out of necessity, those credentials are actually first passed to Microsoft’s servers before they are passed to contacts with Wi-Fi Sense enabled. Second, any device that connects to that network will also have a copy of that key. Despite being encrypted, it could only be a matter of time before an arduous hacker can crack the code. Given Microsoft’s track record in security, that might not inspire much confidence.
Wi-Fi Sense isn’t actually new and has existed since Windows Phone 8.1, which probably explains why very few have heard of it. That, however, changes with Windows 10, which will supposedly have this feature and turn it on by default. This practically means that desktops, laptops, and tablets, in addition to smartphones, can all become potential targets. Plus, Wi-Fi Sense can be shared, optionally, with Facebook friends, which could create a chain of security liabilities. Of course, this is all theoretical at the moment, but we certainly hope we won’t hear actual instances of it when Windows 10 arrives.
SOURCE: The Register