If you upgraded your Surface to Windows 10, you now have the functionality known as Wi-Fi Sense. Wi-Fi Sense is a feature that lets Windows 10 users share the login credentials (i.e. network name and password) for a Wi-Fi router with friends and contacts without letting them see the actual password. Better yet, when configured, it does all of this automatically.
In addition, it also lets you automatically connect to open Wi-Fi networks that have been discovered by other Windows 10 users.
In this post I will give details on Wi-Fi Sense:
- How it works
- Security risks
- How to mitigate the risks
- Built-in safeguards
- How to turn off Wi-Fi Sense
- How to share connections with friends
- Public networks
Let’s take these one at a time.
Windows 10 Wi-Fi Sense: How does it work?
The part about open networks is pretty straightforward: Microsoft has a database of open Wi-Fi networks (typically Wi-Fi routers that don’t require a password); that database is crowd-sourced from other Windows 10 users. If you come within range of one of those networks, your Windows device will connect to it automatically.
Wi-Fi Sense’s other feature (the ability to share access to Wi-Fi networks) is a bit more complex and may need some explanation. Basically, Wi-Fi Sense (which is turned on by default when you install Windows 10) will offer you the option of sharing the network information with your Facebook friends and Skype/Outlook.com contacts list every time you connect to a new router. In addition, you can also share access to previously saved Wi-Fi networks.
Once you share access to a network via Wi-Fi Sense, Windows encrypts the credentials and puts them up on a server over an encrypted connection. Next, Microsoft distributes those encrypted credentials to your contacts who have Windows 10 on their PCs, tablets, or smartphones. If any of those people come within range of the router for which you’ve shared access, Windows 10 will automatically connect them — without asking them for a password.
There’s a couple of catches: first, it’s very much a “tit-for-tat” type of functionality. You can’t receive a Wi-Fi Sense login from your contacts until you share access to at least one router yourself. Second, it’s an “all of nothing thing” You can’t just share the network credentials with a single contact. Despite those catches, it still sounds cool, right? No more trying to tell someone what the password to your home network is and having them mistype it three times before you finally do it for them.
Not so fast, there are some potential security risks with this feature you need to know about…
Windows 10 Wi-Fi Sense: How is it a Security Risk?
First, keep in mind that Wi-Fi Sense is potentially a security problem. It doesn’t mean it is a security problem but that it could be. I’ll run through a couple of scenarios to outline how it could be a security problem for you:
- It could allow someone onto a secure network (of a business place, for example), simply for being friends with one of the employees that has a Surface (or other Windows 10 machine) setup with Wi-Fi Sense on and sharing. You want to see your IT guy freak out? let him catch your 14-year old nephew (who should not have the Wi-Fi password) using the wireless network to download pirated movies because it automatically connected him.
- It’s not inconceivable that someone (let’s say a neighbor) could could become one of your Facebook friends simply so they can get access to your network to do something illegal such as downloading pirated software or worse. Don’t think that happens? Well, take a look at this Wired article from a few years back: Wi-Fi Hacking Neighbor.
Microsoft says your contacts will only be able to share your network access (nothing else). And, that Wi-Fi Sense will block those users from accessing any other shared resources on your network – including computers, file shares or other devices. But given the number of ways that social networks and applications share and intertwine connections (and contacts), it’s not out of the question that someone could figure out how to “grab” your encrypted credentials (with your network password) and decrypt it.
Important Clarification: According to Microsoft’s Wi-Fi Sense FAQ – “The networks you share aren’t shared with your contacts’ contacts. If your contacts want to share one of your networks with their contacts, they’d need to know your actual password and type it in to share the network.” So you don’t have to worry about the password “spreading” to your friend’s friends.
Now, tell me you don’t see at least one or two potential security issues with the feature?
Windows 10 Wi-Fi Sense: What Can I Do About The Risk?
First you need to know that there ARE some safeguards built into the Wi-Fi Sense that will keep you from accidentally sharing your network information and some will even prevent anyone from using Wi-Fi sense on your wireless networks.
Here’s a quick rundown:
- By default, your Surface won’t share any password-protected hotspots it is aware of. You have to go into your Wi-Fi Settings and tell it to share a particular hotspot but, once you do so, it will try to share it with your Outlook.com, Skype, and Facebook contacts.
- To get the Facebook integration to work, you have to take the extra step of giving Facebook permission to access the information.
- It is possible to add the text “_nomap_optout” to the end of your wireless network’s SSID. This will tell Wi-Fi Sense to not share it regardless of what a user says to do.
- If your wireless network is using 802.1x (PNAC), it will prevent the password from being shared.
If you feel the safeguards Microsoft put in place aren’t enough and you’re still concerned about security, you can completely turn off Wi-Fi Sense on your Surface by doing the following:
- Swipe in from the right of the screen to bring up the Action Center.
- Tap and hold (right-click) on the Wi-Fi Button then select Go To Settings.
- Scroll down to find the Manage Wi-Fi Settings link, select it.
- Configure the settings as follows:
If you configure your settings to look like the example above, Wi-Fi Sense is off and you don’t have to worry about accidentally sharing out network information to others from your Surface.
Windows 10 Wi-Fi Sense: How Do I Share My Wi-Fi Connections With Friends?
Conversely, if you may fall into the “I understand why some people would care but I don’t” or the “awesome, you mean I’ll automatically get Wi-Fi at my friends’ houses” category, then you might want to know how to configure it to share some or all of your networks.
Here’s what you need to do that:
- Swipe in from the right of the screen to bring up the Action Center.
- Tap and hold (right-click) on the Wi-Fi Button then select Go To Settings.
- Scroll down to find the Manage Wi-Fi Settings link, select it.
- Verify your settings are as follows (these are actually the defaults):
- Next, select the Wi-Fi Sense Needs Permission To Use Your Facebook Account and follow the directions.
After getting your settings configured, you will still need to individually share the Wi-Fi networks your Surface has stored. Here’s the steps for that process:
- Go back to the Settings screen, scroll down to the Manage Know Networks section and select one of the networks you want to share with your friends.
- You’ll be given an option to Share and an option to Forget. Select the Share option (yes, I really named my Wi-Fi that).
- Next, you’ll be prompted to manually enter the network password. Enter it then selectShare.
- Repeat as desired to share all of the networks you want to share.
That’s it, now your friends will be able to connect to that network(s) without the need to enter (or even know) the password(s). Despite the security implications, I have to admit, it’s a pretty handy capability.
Windows 10 Wi-Fi Sense: Public Networks?
A word of caution on public networks; if you connect to a public network through Wi-Fi sense, you should still use the practices outlined in the article Public Wi-Fi Security Risks, 4 Things You Can Do To Protect Yourself. All public Wi-Fi security risks mentioned in that article still apply.
Windows 10 Wi-Fi Sense: Conclusion
Wi-Fi Sense is a pretty cool, and handy, feature you get with Windows 10 but you really need to understand the security risks and ramifications. The information above should not only give you a good idea about the security aspects of the feature but also help you set it up to meet your needs.
If you still have questions about Windows 10 Wi-Fi Sense on your Surface, check out the Microsoft FAQ on Wi-Fi Sense for more information. Also, KrebsOnSecurity article offers good insight into the security ramifications from a IT security engineer’s point of view. Just be aware that, like most security engineers, he might come off as a bit paranoid.
Tim