Windows 10's Wi-FiSense feature poses a security risk, and it actively shares WiFi passwords with users' contacts, posing a threat to network security. These contacts include the user's Outlook.com contact, Skype contact, and Facebook friend (requires the user to actively enable it).
Microsoft's Wi-FiSense feature is designed to make it easier for users to use the wireless network: if you walk into a WiFi network, your friends know the password for the network. If you all use Wi-FiSense at this time, you can also log in to the network directly. However, it is also convenient and can also bring security risks. Wi-Fi Sense does not display clear text passwords to your family, friends, or acquaintances, but if your partner is also running Wi-FiSense, you can access your WiFi network.
These passwords are stored on Microsoft's servers and are copied to the appropriate device when the conditions are met, but Microsoft does not let you see it. How successful the Wi-FiSense feature will be is still unknown.
Microsoft wrote in the Frequently Asked Questions (FAQ) section of Wi-FiSense: "For the network you wish to share, the login password will be sent to Microsoft via an encrypted connection and stored as an encrypted file in the Microsoft server. . In the future, when your friends use Wi-FiSense and are within the coverage of the WiFi network, a secure connection will be sent to your contact's mobile phone. ”
Microsoft also added that Wi-FiSense only provides Internet access and prohibits others from connecting to other content on the WLAN. This sounds smart, but it can be difficult to implement. If a computer is connected to a protected WiFi network, it must know its key. If the computer knows the key, the user or hacker can find the key on the computer, log in to the network, and gain all access.
In theory, if an outsider wants to use your company's WiFi network, you only need to become friends with one or two employees of your company, and then enter the network coverage, you can use it at will.
In fact, Windows Phone 8.1 based Windows Phone phone already supports this feature. If you enter a password on your Lumia phone, it means you don't have to type it on your laptop because you are your own friend. Given the limited market share of WindowsPhone, the threat is not yet large.
However, if all notebooks within the corporate WiFi network coverage are installed with Windows 10, the security risks are enormous. In addition, if you allow WiFiSense to get your Facebook contacts, Microsoft will also get a list of your Facebook friends and provide them with a WiFi password.
To address this vulnerability, Microsoft recommends that users add their WiFi network name (SSID) to a blocked list to prevent Wi-Fi Sense from obtaining relevant information.
Under Windows 10, Microsoft turns on Wi-Fi Sense by default and shares WiFi passwords with contacts unless the user actively sets them up the first time they connect. Although turning off Wi-FiSense can cause some trouble for users, it can improve network security.