Warning: Windows 10 will share your Wi-Fi key with your friends' friends

[Batu69]

Tell a pal your password ... and their FB mates will get access too

A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares access to password-protected Wi-Fi networks with the user's contacts.

Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be tamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.

Wi-Fi Sense doesn’t reveal the plaintext password to your family, friends, acquaintances, and the chap at the takeaway who's an Outlook.com contact, but it does allow them, if they are also running Wi-Fi Sense, to log in to your Wi-Fi. The password must be stored centrally by Microsoft, and is copied to a device for it to work; Microsoft just tries to stop you looking at it – how successful that will be isn't yet known.

"For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared," the Wi-Fi Sense FAQ states.

Microsoft also adds that Wi-Fi Sense will only provide internet access, and block connections to other things on the wireless LAN: "When you share network access, your contacts get internet access only. For example, if you share your home Wi-Fi network, your contacts won't have access to other computers, devices, or files stored on your home network."

That sounds wise – but we're not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the corporate wireless network.

The feature has been on Windows Phones since version 8.1. If you type the password into your Lumia, you won’t then need to type it into your laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.

With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.

In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.

(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)

Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect.

Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.

Yes, wireless passwords can be written down and trivially passed along to others: we know network security shouldn't end at the Wi-Fi login prompt. But there's nothing like an OS automating the practice of blabbing passphrases to your mates, eh?

Source

[oliverjia]

What the fuxxk is Microsoft doing?

[Kalju]

Windows also sends some kind survey, where it wants to receive from you a very personal details, including your Windows account log-in information, your actual place of residence etc.
Of course, if the sender is still Windows, we do not know that.
So be careful, if You get something similar.

[petok]

Windows 10 will be with more settings for privacy, but for protect all shared information off. Then be secure I never used default setting from windows most be tweak setting for privacy.

[212eta]

Windows and Privacy have never 'walk hand in hand'... ;)

[Chancer]

This looks like an issue to keep an eye on.

[kraftwerk]

What? Windows 10 will share MY Wi-Fi key with my friends' friends? :party:

No, it won't.

[Gabben]

What? Windows 10 will share MY Wi-Fi key with my friends' friends? :party:

No, it won't.

it will...

[software182]

It's easy, just use it offline :tehe:

[kraftwerk]

it will...

No, it won't...

It's easy, just use it offline :tehe:

That would not work. :)

Considering that Microsoft would have to enter my house and

* force me to replace Windows 7 with Windows 10;

* install and setup Outlook in my machine; or

* open a Skype account; or

* sign me in of Facebook;

AND, of course, to enable Wi-FI in my modem...

it would be easy for them to plug my machine online again! :clap:

[Actarusse]

:huh: :angry: :s :blink: :boxing: :think: :eekout: :spank: :lol:

[thunderpants]

I just ran AVG Tuneup 1 click maintenance and in the 'optimisation of startup section' one of the things it wants to stop is "scheduled task" "collection of usage data for windows"

Main program 'windows sqm consolidator'

"Even if u opt out of the customer experience program Microsoft still creates the scheduled task but doesn't collect any data".

It was on win 7 and i'm wondering if win10 has similar stuff and if it can be stopped.

edit:

sorry ,this is a bit off-topic i thought i was in the win 10 thread i posted in earlier.

[Actarusse]

edit:

sorry ,this is a bit off-topic i thought i was in the win 10 thread i posted in earlier.

:spank: :lol: :D

[thunderpants]

1. Windows 10 Spying v 1.2.0.0

Remove Windows 10 Spying Features.

https://wintoflash.com/forum/viewtopic.php?p=48249#p48249

2. Disable Win 10 Tracking v 1.5

https://github.com/10se1ucgo/DisableWinTracking/releases/latest

3. Debloat Windows 10

https://github.com/W4RH4WK/Debloat-Windows-10

4. Destroy Windows 10 Spying v 1.4.3

http://rutracker.org/forum/viewtopic.php?t=5054236https://twitter.com/nummerok/

The new Win10 programs are in-coming :)

[ricktendo64]

WRONG!!! This is better than actually giving your friend/family your wifi password, because they will NEVER know your password and you can aprove/reject their access to your network... YOU HAVE TO APROVE THEM!!!

[dcs18]

Tell a pal your password ... and their FB mates will get access too

Anybody who does not mind disclosing their password (not limited to Wi-Fi) to their (friend — or anyone else) would surely not mind Windows 10 spawning the same across Facebook . . . . . . . . no? :dunno:

[Chatman]

Facebook? What's that?

[steven36]

Its very simple if you do have M$ account witch i dont ..Don't sign in with you're computer ..Only sign in thorough you're browser . If you need a mail client or something use Thunderbird . :lol:

[dMog]

as near as i can see to have your password shared you have to freakin set it up to be shared.... it will not be automatically done...and if i also remember correctly .... the main idea behind this so called sharing is for a work group limited to an office setting where everyone shares and collaborates on documents and projects...the chicken little's of this world never cease to find new sky's that are falling....