July 29, 2015

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt you to share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.

This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ol’ cantenna!).

I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.

Update, July 30, 12:35 p.m. ET: Ed Bott over at ZDNet takes issue with the experience described in the stories referenced above, stating that while Wi-Fi Sense is turned on by default, users still have to explicitly choose to share a network. “When you first connect to a password-protected Wi-Fi network, you choose if you want to share access to that network with your contacts,” Bott writes. Nevertheless, many users are conditioned to click “yes” to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network). Updated the lead to clarify that users are prompted to share.

El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID”) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).

It’s interesting to contrast Microsoft’s approach here with that of Apple, which offers an opt-in service called iCloud Keychain. That service lets users who choose to enable it sync WiFi access information, email passwords, and other stored credentials among their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but it does not share this information with other users. Apple’s iCloud Keychain service encrypts the credentials before syncing them, as does Microsoft’s Wi-Fi Sense service; the difference is that iCloud Keychain is opt-in and only shares the credentials with your own devices.

Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.

Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek

An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”

To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and says yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.

While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid each by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.

Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.

My suggestions:

  1. Prior to upgrading to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.
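The two opt-out markers have different placement rules, and an SSID is limited to 32 bytes, so appending both to an existing network name can silently fail on the router. The following checker and renaming helper is an added example, not code from the article or from Microsoft; it treats “_optout” as valid anywhere in the name (as the article describes Microsoft’s rule) and “_nomap” as valid only as the final suffix (as commenter AT describes Google’s rule, which matches Google’s published instructions), and it truncates the base name rather than the markers when the result would exceed the 32-byte limit that 802.11 imposes on SSIDs. The SSIDs used in the examples are constructed.

```python
"""Check an SSID for the Wi-Fi Sense ("_optout") and Google location
("_nomap") opt-out markers and propose a rename that keeps both.

Added example; the placement rules follow the article and comment thread,
the 32-byte cap is the 802.11 SSID element length limit.
"""

MS_OPTOUT = "_optout"      # Microsoft: accepted anywhere in the SSID
GOOGLE_NOMAP = "_nomap"    # Google: must be the last characters of the SSID
SSID_MAX_BYTES = 32        # 802.11 SSID element is 0..32 octets


def ssid_status(ssid: str) -> dict:
    """Report which opt-outs an SSID satisfies and whether it fits on air."""
    return {
        "wifi_sense_optout": MS_OPTOUT in ssid,
        "google_nomap": ssid.endswith(GOOGLE_NOMAP),
        "length_ok": len(ssid.encode("utf-8")) <= SSID_MAX_BYTES,
    }


def propose_optout_ssid(ssid: str) -> str:
    """Return an SSID that carries both markers with "_nomap" last.

    Existing markers are stripped first so they are not duplicated (this
    also repairs the "_nomap_optout" ordering, which leaves "_nomap" in the
    middle). If the combined name would exceed 32 bytes, the base name is
    shortened so the markers survive intact.
    """
    base = ssid.replace(GOOGLE_NOMAP, "").replace(MS_OPTOUT, "")
    suffix = MS_OPTOUT + GOOGLE_NOMAP          # "_optout_nomap"
    room = SSID_MAX_BYTES - len(suffix.encode("utf-8"))
    # Truncate on the byte level, then drop any partial multibyte character.
    base = base.encode("utf-8")[:room].decode("utf-8", errors="ignore")
    if not base:
        raise ValueError("nothing left of the network name after truncation")
    return base + suffix


if __name__ == "__main__":
    for name in ("HomeNet", "HomeNet_nomap_optout", "A" * 30):   # constructed SSIDs
        print(f"{name!r}: {ssid_status(name)} -> {propose_optout_ssid(name)!r}")
```

Note that the article’s suggested “_nomap_optout” form passes the Wi-Fi Sense check but not the suffix check the helper applies for Google, which is why the helper reorders it. Renaming the SSID means every device you own must rejoin the network, so do it before the upgrade rather than after.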

Further reading:

What Is Wi-Fi Sense and Why Does it Want Your Facebook Account? 

UH OH: Windows 10 Will Share Your Wi-Fi Key With Your Friends’ Friends

Why Windows 10 Shares Your Wi-Fi Password and How to Stop it

Wi-Fi Sense in Windows 10: Yes, It Shares Your Passkeys, No You Shouldn’t Be Scared


250 thoughts on “Windows 10 Shares Your Wi-Fi With Contacts”

  1. RedDeath

    Brian states 3 good recommendations at the end of this article. However, I think 2 more (that I personally use) need to be added:

    4. Setup a guest Wifi network that is totally isolated from your regular Wifi network.

    5. Don’t bother with Windows 10. Avoid it at all possible costs!

    1. cavenewt

      “4. Setup a guest Wifi network that is totally isolated from your regular Wifi network.”

      That might protect your files. I’m not worried about my files. The owner of the network is responsible for whatever nefarious activity goes on on that network. Illegal music sharing? Kiddie porn? The FBI knocks on the owner’s door.

  2. Darth Vadar

    Linux is looking better and better to me all the time….

  3. Bob W

    I don’t use the Wifi on my pc but instead use the Wifi on my router. The router seems to have some version of Linux in it.

    Generally speaking Microsoft has been very lax in security and apparently is trying to get more sharing, so they can get more profit.

    -Bob

  4. Ricktron3000

    I’m not concerned with this at all, not even in the slightest. I don’t have people over to my house who I don’t know and I sure as heck don’t befriend randoms online. Typically my wifi password is something I give to any one of my friends/relatives who stops by and needs it. If anything that’s always tedious as the password was not default but randomly generated by the router when I set it up.

    The fact that they can’t share access with friends of theirs is even better, it’s only shared with MY friends and again only if they’re in my home trying to connect. Furthermore, it doesn’t share the password in plain text, it’s all encrypted and wifi access is granted behind the scenes.

    A hacker wanting your information could get in to your current wifi set up with a laptop in a car parked on the street. This is no less secure to that hacker who’d have to go through the same process.

    If you’re really concerned, don’t add people you don’t know to your contacts. They could probably do more harm with your personal info than with access to your WiFi.

    1. thebuccaneersden

      > A hacker wanting your information could get in to your current wifi set up with a laptop in a car parked on the street.

      Wat? Do you honestly believe that? heh

  5. Scott

    Anyone that has kids knows the problem Microsoft is trying to address. The moment a gaggle full of girls come running into my house, my daughter shares the wifi password with them.

    This happens in every household across America! I would like this utility a little more fine tuned… but WiFi Sense is far more secure than 50 or so teenagers having my WiFi password saved on their phone / tablet.

    Krebs, I am sure you will sell some software with all the fear mongering.

    1. Jim Rohrs

      Fear-mongering? lol – Micro$ux has been the chief producer of bad security ideas for at least 30 years. And to make this the default is ridiculous even by their “standards”.

  6. AT

    If I’m not mistaken Google requires that the SSID ends with “_nomap”, while Microsoft looks for “_optout” anywhere in the SSID-string.

    It should therefore be possible to opt out of both. Example:

    myssid_optout_nomap

    1. Bob

      I wonder how many routers will soon have their SSID set to “myssid_optout_nomap” or “optout_nomap”?

  7. Karl F

    I’m not so sure this needs to be at the angst level that this is being made out to be. Regarding offices, if you are using 802.1X, this is not a problem. Furthermore, it appears that you need to actively select (and enter the password) of Wi-Fi networks you want to share. So, it cannot propagate.

    This is not to say that these controls couldn’t be overridden. However, this should be a wakeup call to businesses to use 802.1X versus WPA2 in their environment (it doesn’t protect against rogue Wi-Fi spots in the infrastructure though, but that is another problem)

    1. SeymourB

      If the box is checked by default, expect everyone’s WiFi networks that contractors, guests, etc. connect to (you’re not going to put them in 802.1x) to be stored on MS’s servers and sent around in minutes after Windows 10 release.

  8. parabarbarian

    I predict this will be accepted by all but a small percentage of Windows users. In my experience, users value convenience much higher than security. Microsoft knows this which probably explains why they target marketing at managers not the IT staff.

  9. Jon

    Great information. I will be sharing this information with my users.

  10. SmellsPhishy

    Wait for the “opt-in” patch to come. 🙂

  11. Ed Black

    Um…I thought people that worked at Microsoft were supposed to be smart?

    This is terrifying. It’s bad enough most people do not take their computer security seriously enough already…now, a company that SHOULD know better…is basically encouraging people to leave their front doors open, safes unlocked and arrows pointing to the cash under the mattress.

    Is it easier for you to get into your own house that way? Sure it is! Makes it easy for the crooks, too…ugh…this is frustrating.

  12. BS

    At what point will we as a society start demanding privacy for our stuff from these corporate morons? Just wish some lawyer could file a class action suit against these idiots that feel they have a right to share MY password!!

  13. OldGnome

    Microsoft advertises Windows 10 as a more secure operating system. But then they turn around and share our allegedly encrypted WiFi passphrase. Encryption can be broken. What encryption is used, how is this encryption managed, and who controls it? And who gave them permission to dole out any of our WiFi configuration data in the first place? It certainly was not the majority of the Microsoft customer base.

    What ever happened to the notion of issuing operating system releases in a secure configuration that requires the user to reduce the security level of the computer in question for a specific purpose?

    Perhaps the Microsoft WiFi Sense “feature” should be reported to US-Cert as an inherent vulnerability in the Windows 10 operating system, most especially with respect to the egregious “_optout” requirement. Instead, using “_optin” could be permitted for those people who actually choose to undermine the security of their networked systems.

    A better solution would be an option to completely remove WiFi Sense from the system. If this option were available, I would use it.

    And BTW, while assorted bad actors and miscreants walk away with digital data having any value, what are assorted US Government agencies doing to encourage a “fix” to this gaping hole in a new operating system? They’ve had enough time to review and analyze Windows 10.

    1. SeymourB

      The function can be disabled during setup, which is how any business with half a brain is going to setup their equipment.

      The problem comes with BYOB/BYOD, guests, etc.

      1. OldGnome

        A better solution would be to include or exclude WiFi Sense in Windows 10 so that it could be easily removed or added based on end user requirements no matter if you are dealing with a few end users or an enterprise. If WiFi Sense is not installed, then it cannot be misconfigured or misused.

  14. Carlos

    Couldn’t the people whom you gave your network key, on a piece of paper, a text message, a photo, whatever means you chose, pass it along to someone else?

    In a way, WiFi Sense is actually safer, because if someone got your network key from WiFi Sense, they can’t readily share it with anyone, because they don’t know it and WiFi Sense won’t let them share it. Maybe they can crack it from wherever it’s stored, but that’s not really something an average, non-computer savvy, person will ever do, or even know how to do.

    Speaking of things not easily done by non-computer savvy, sharing networks already stored in your device is another one of them. But don’t take my word for it, you try doing it yourself. Then ask your non computer-savvy friend to do it.

  15. Rodney Thayer

    What could go wrong?

    Debian 9, even with systemd, is looking better and better all the time. Libreoffice to the boardroom!

  16. Michael Iger

    Microsoft hasn’t learned from its security failures in the past. The rapid rise of computer hacking was facilitated by Windows OS leaving all the doors and windows open in their operating system. This was done to facilitate its features and sharing with little regard for the criminal intent of some. Now, with Windows 10 they haven’t learned their lesson and are doing it again to spread the use of this new wi-fi idea. ANY service that has the potential for misuse should be opt-in, no exceptions. If users want it they can turn it on themselves and accept the responsibility. I agree this new feature is a big mistake waiting for hackers to use it.

  17. Ryk Edelstein

    WiFi Sense has been around for over a year in the Windows Phone platform. We should have been outraged back then, but as it is hitting a much larger audience, I guess now is as good a time as any to address this issue.

    Yes, it is a stupid feature, and it should not be enabled by default. And, perhaps, it should not exist at all.

    In Windows Phone, it is deactivated by simply disabling it by removing a check from a box. Nothing complicated… However, what does concern me is an improperly managed enterprise end point where the user has the capability to enable the feature.

    1. Robert.Walter

      Wow! I’m reading a number of things relating to Internet security (admittedly Apple centric, but also Win and Android for kicks and tips to friends) on a daily basis and that’s the first I’ve heard that Windows phone was already being built with loose lips.

  18. Karl S.

    Forced updates on Win10, now this. What else? Looks like I’ll be staying with 7 for a long time.

  19. Charles W.

    This has to be one of THE lamest ideas ever put forth by Microsoft! How dare they assume they can share my network credentials! That’s complete idiocy on their part…. so I have to completely up-end my network just to prevent them from assuming rights to share my encrypted network password? Forget it Microsoft!

  20. Tommy

    Nice…
    A statistic on a government chart, aren’t we all.

    1. IA Eng

      When a “security patch” comes out and re-enables this “feature” it will be another story. Opting out of anything is purely a ludicrous way of hiding something that a typical user will never care nor understand. They are too concerned about getting the FREE software and will hit the next, next, next buttons with glee, unaware that these services will create chaos later in life.

      Software can be broken by software – and malware. Microsoft is known for its security issues, and adding features like this eventually will stir the Privacy advocates through the roof.

      This is only the beginning of things to come. If you use wireless, this is one more thing to add to the “worry about list”.

  21. Robert.Walter

    Regarding the Apple Keychain, I think there is an important point that folks generally are not aware of and that is any Apple device allowed to authenticate on a network will share those credentials with all other devices using the same Apple ID if the iCloud Keychain is turned on.

    If one of those devices happens to be a Mac, then the credentials are there to be read out of the keychain in plain text.

    The take away here is that even if you enter your WIFI login credentials without the owner of the apple device seeing them, they can pull them from their Mac later (iOS devices don’t make wifi keys visible like Mac does).

    So in every case, it is better to use a Router that offers a separate guest network and to give this authentication info to your guests. (This also makes it easy to change the guest pw frequently without disrupting all of your own devices already authenticated on your network.)

    If you don’t have a router that offers a guest network feature, then you might think about retiring your old equipment. (Everybody has favorites for routers, but I would recommend looking into the Apple Airport family of routers. They are among the more pricey routers, but they are easy to set up, can be administered via an iOS/Mac/Windows app, and haven’t succumbed to WAN attacks like many of the name brand routers have. Also, when Apple pushes updates to them, the single normally green light will blink amber and the Airport Utility app will have a red badge signifying an update awaits installation. And yes, they offer an easy to configure guest network.)

    1. SeymourB

      I think anyone who depends on OEM firmware to run their wireless router is running a ticking time bomb waiting to go off.

      You assume Apple’s airports are vulnerable but with Apple’s airports being an opaque box of inscrutability it’s not like you’d know if they were taken over. There’s no adequate logging functionality, there’s no adequate terminal (telnet/ssh) access, it’s just their infuriatingly limited Airport application to control the extremely limited feature set offered by their devices.

      But even though you’ve paid a massive premium for their hardware, once Apple discontinues their routers (via upgradeitis) the firmware updates for the previous generation usually stop a short time later. The discontinuation of hardware updates has traditionally happened far faster than it does for their desktop OSes which is currently working at around 3 years but will soon jump to 2 (once 10.11 ships this fall the oldest OS still receiving minimal updates will be 10.9, which was released 2 years ago). Personally I think Apple’s policy made sense when they were releasing updates every 2 years, so you get 6 years of support out of an OS, but this yearly release schedule w/o an update to the maintenance schedule borders on the absurd…

      On the other hand, it may be possible that soon their hardware will be supported longer than their desktop OSes, simply because the hardware’s support schedule was based on a fixed time and didn’t include variables like when desktop OSes are released.

      1. Apple Dewd

        You can enable logging in the syslog format on Airport. I have mine feeding into greylog2. Works great.

        1. Robert.Walter

          Apple Dewd, thanks for the tip! Are you able to provide any links to good instructions on setting up the logging function?

      2. Robert.Walter

        Some of what you say is true, some misleading (maybe unintentionally, as to not explaining, what you term “upgraditis”, why some older gear can’t run newer OS X), and some entirely speculative (AFAIK, Apple has not announced its upgrade cadence plans, they rarely ever speak about future plans like that.)

        The premium for an Airport is not as excessive as your comments would make it seem, and the inscrutability of what’s inside is, for anybody below pro user level, no less scrutable than any other router, and for the casual user, it is easier to administer than most other routers, and Apple was pushing firmware updates in a user noticeable way when the competition was both not making updates available, not able to push them, and requiring users to waste time checking via a web browser if there was any maintenance necessary.

    2. cavenewt

      “Regarding the Apple Keychain, I think there is an important point that folks generally are not aware of and that is any Apple device allowed to authenticate on a network will share those credentials with all other devices using the same Apple ID if the iCloud Keychain is turned on.

      If one of those devices happens to be a Mac, then the credentials are there to be read out of the keychain in plain text.

      The take away here is that even if you enter your WIFI login credentials without the owner of the apple device seeing them, they can pull them from their Mac later (iOS devices don’t make wifi keys visible like Mac does).

      So in every case, it is better to use a Router that offers a separate guest network and to give this authentication info to your guests. (This also makes it easy to change the guest pw frequently with out disrupting all of your own devices already authenticated on your network.)”

      This only gives your password to the friend you already allowed on your network. Yes, he can look up the password in his Mac keychain; of course to do this he needs to know his account password. And that his keychain even exists, and how to access it, which, let me tell you as a Mac consultant, very few do.

      Comparing this to someone inadvertently (because most computer users, face it, don’t know diddly-squat) granting your Wi-Fi credentials to their 2000 Facebook friends, whether or not they know the actual password, is an order of magnitude in difference.

  22. JJ Zern

    My company uses Microsoft and I am required to use it but I retire in January bye bye PC hello Mac. Microsoft insecurity at its best. Face palm. Enough said

  23. noahc3

    Why would anyone at Microsoft think this is a good idea…

  24. William

    I don’t understand Brian. What is Wi-Fi Sense? My friends can use my wi-fi if they don’t have Internet access?

    1. Chris

      …You don’t understand what WiFi is or does, do you?

      1. William

        Rude comment. I said what is wi-fi sense? And of course I know what Wi-Fi is

  25. CeSgrr

    If this is the case, then I do not want windows 10. And if I have to do this upgrade, then I’m out of Outlook completely. Am I understanding this correctly?

  26. Wushu

    I could see this having its use. It’s really going to depend on your wifi setup.

    If you don’t have a guest network, chances are if someone comes over to your house, they are going to ask for the wifi password to connect. Hell, my babysitter needs it so she can watch Netflix when my kids go to bed. If you are giving people your wifi password, how secure is it anyhow? That said, I’ll still disable this on my core network.

    However, if you have a router that also has a guest network, this could come in handy. All of my friends could gain my guest network password through Wi-Fi Sense without me having to worry about it. By default, I don’t trust my guest network.

    If you have a properly set up wifi network with a guest network, this shouldn’t be that much of a problem. If you’re handing out your main network password to everyone that visits, you’re little better than using WiFi Sense anyhow in my mind. Especially since I can count on one hand the number of people that come over with another Windows device. I’m the only person I know in my circle with a Windows Phone/Surface Tablet.

  27. No

    I wonder if an SSID of McDonalds or Starbucks with a WPA2 password will cause any issues when shared through WiFi Sense?

  28. Roguer

    Microsoft being dumb again, what an enormous surprise.

Comments are closed.