How safe is the Windows 10 Wi-Fi sharing feature?

A feature that went almost unnoticed in Windows Phone 8.1 because of its modest installation base has been raising security questions now that it has been added to Windows 10.

It’s called Wi-Fi Sense, and it simplifies the process of connecting users to nearby Wi-Fi networks. It automatically connects users to crowdsourced open Wi-Fi networks and accepts a Wi-Fi network’s terms of use on their behalf.

But what worries security experts is the fact that it allows users to share access to their password-protected Wi-Fi networks with their Outlook.com contacts, Skype contacts, and Facebook friends.

A user’s contacts and friends don’t get to actually see the password – they just get automatically connected to the Wi-Fi network the user shares if they’re using Wi-Fi Sense on their Windows Phone (or Windows 10). In return, a user’s phone (or computer) will automatically connect to Wi-Fi networks his contacts and friends share with him.

While this feature can come in very handy, it could also expose users to security risks.

For one, in order for this feature to work, users’ Wi-Fi password is shared with Microsoft: “For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” Microsoft explains.

The company says that when you share network access, your contacts get Internet access only, and not access to other computers and devices connected to your network.

“That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access,” noted The Register’s Simon Rockman.

“In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.”

But Microsoft gives assurances that enterprise networks that use 802.1X can’t be shared with contacts.

Another worry for some users is that if they share their Wi-Fi with their contacts or friends, those contacts can go on sharing it with their own contacts, and so on. But Microsoft again notes: “The networks you share aren’t shared with your contacts’ contacts. If your contacts want to share one of your networks with their contacts, they’d need to know your actual password and type it in to share the network.”

Computing’s Graeme Burton is worried that this feature allows Microsoft to map users, their connections and also where they go – information that can later be sold to third parties.

The main problem as I see it is that the feature is turned on by default, and users are required to opt out if they don’t want to use it. Also, in order to keep their Wi-Fi network “safe” from Wi-Fi Sense, users must add _optout to the name of their network (e.g. mynetwork_optout) – and this is something not many users know how to do.
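As an added example (not from the original article and not Microsoft's code), the following Python audits saved Windows WLAN profiles against the two rules described above: a network whose name carries _optout is opted out, and a network that uses 802.1X cannot be shared. It assumes the profiles were exported to XML with `netsh wlan export profile`; the function names, the verdict labels, the sample profiles and the exact-case substring match on _optout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
OPT_OUT = "_optout"  # marker from the article; exact-case substring match is an assumption
PSK_AUTH = {"WPAPSK", "WPA2PSK"}  # passphrase-based <authentication> values

OPTED_OUT, DOT1X, SHAREABLE, OTHER = "opted-out", "802.1X", "shareable", "open/other"

def classify_profile(xml_text):
    """Return (ssid, verdict) for one exported WLAN profile XML document."""
    root = ET.fromstring(xml_text)
    base = "w:MSM/w:security/w:authEncryption/"
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", "", NS)
    auth = root.findtext(base + "w:authentication", "", NS)
    one_x = root.findtext(base + "w:useOneX", "false", NS).strip().lower()
    if OPT_OUT in ssid:
        return ssid, OPTED_OUT   # network name opts out of Wi-Fi Sense
    if one_x == "true":
        return ssid, DOT1X       # enterprise 802.1X: cannot be shared
    if auth in PSK_AUTH:
        return ssid, SHAREABLE   # anyone holding the passphrase could share it
    return ssid, OTHER           # open or unrecognised security settings

def sample(ssid, auth, one_x):
    # Constructed sample in the shape of an exported WLAN profile.
    return f"""<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>AES</encryption>
    <useOneX>{one_x}</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

SAMPLES = [
    sample("mynetwork", "WPA2PSK", "false"),
    sample("mynetwork_optout", "WPA2PSK", "false"),
    sample("corp", "WPA2", "true"),
    sample("cafe", "open", "false"),
]

def audit(profiles):
    """Classify every profile; 'shareable' entries are the ones to review."""
    return [classify_profile(p) for p in profiles]

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLES):
        print(f"{ssid:20} {verdict}")
```
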

“According to Microsoft the WiFi password is sent over an encrypted connection and only provides internet access and no network access. However, how secure this is remains to be seen. In theory if the password is being sent then it’s capable of being compromised, the idea behind this is great for family and friends but not so great for most business environments. With any contact having potential access to your network we need to take extra care before allowing this default option to be active,” commented Mark James, security specialist at ESET.

“That said though, it’s no less secure than having the Wi-Fi password printed and stuck to the office wall, as with most ‘ease-of-use’ options you need to apply it to your situation and see if it’s a viable option. If it’s a company guest Wi-Fi network then having to waste the first 15 minutes while someone finds the password could make the meeting go a lot smoother, on the other hand if you supply an internal Wi-Fi network for your staff then I would not recommend Wi-Fi sense is used. Access to your network should be authorised and monitored at all times.”

Amichai Shulman, CTO of Imperva, says that “without getting into how secure the implementation is and whether an attacker can get hold of cleartext WiFi password or not, this is a perfect example of how convenience makes us vulnerable. It is clear that this type of feature allows our contacts (which we don’t always actually know) to connect to the same network we’re connected to and at the same time it can probably allow someone in our contacts list to force our device into connecting to an unsecure WiFi network.”

“Whether this capability picks up or not depends entirely on how useful it is or how disruptive it is (e.g. if your device constantly jumps between networks it may not be very convenient) and not on how secure it is perceived. This particular capability is yet another indicator of how fragile our definition of perimeter is, and as a consequence the need for enterprises to invest in security solutions around the data resources rather than around ‘perimeter’,” he concluded.