Lenovo laptop customers with the Lenovo Vantage app for Windows 10 (preinstalled by default) are being prompted to enable a new feature called Lenovo WiFi Security. Lenovo claims the feature will help protect its customers against “malicious WiFi networks”. But what does the feature actually do? and should you bother enabling it?
The promise of Lenovo WiFi Security is that it will, somehow, “help protect you from connecting to malicious WiFi networks” and “reduce the risk of having your computer and data exposed to attackers”.
However, there are very few details available about how Lenovo WiFi Security actually works and what it does once its enabled. It’s also really hard to get any concrete details about the feature out of Lenovo or Coronet Cyber Security; an Israeli company that provides the infrastructure that powers Lenovo WiFi Security.
Lenovo WiFi Security appears to be a branded distribution of Coronet SecureConnect; a product of which there is no specific information available on the web. Coronet hasn’t published much details about how any of their services work, but I’ve been able to dig up some hints here and there from historical product pages and news snippets.
So what does Lenovo WiFi Security protect against?
It’s unclear exactly what capabilities Coronet SecureConnect has and which have been incorporated into Lenovo WiFi Security as there is no documentation available about either. I’ve collected some of the most specific statements I’ve been able to find regarding Coronet’s claimed capabilities:
These statements are all made about Coronet SecureCloud product and not their SecureConnect product. I’ve asked Coronet and Lenovo multiple times to provide more specific details about Lenovo WiFi Security, but I’ve not received a reply from either companies.
Let’s put it to the test
I’ve setup a few different test networks that should seem suspicious, including one with WPAD/DHCP-PAC (proxy auto-configuration), a transparent proxy, and poisoned DNS responses. I even walked about Oslo city center and connected to more than 50 open WiFi access points. All of these networks were cleared by Lenovo WiFi Security as “compliant” with a green rating.
I only managed to trigger a warning from Lenovo WiFi Security after connecting to a WiFi access point that relayed all traffic through a Tor exit node in Russia using my InvizBox.
At least one of the Wi-Fi access points I connected to is known not have been patched against the KRACK Attack vulnerabilities. I also really doubt that all the networks and devices I connected to in the Oslo city center would have been patched and updated.
I’m frankly surprised more of my attempts weren’t detected as malicious. I thought a transparent proxy would trigger warnings for sure. It’s also notable that you only get one notification from the app informing you about a potential malicious network. You can’t get any more information about the potential risk than the rating (green, yellow, or red).
On one of my household’s three Lenovo laptops, Lenovo WiFi Security will go into an infinite crash loop every minute or so when enabled.
Privacy and location data
Part of the information that Lenovo WiFi Security collects about wireless networks is the same information used to location-triangulate devices. You’re prompted to grant the Lenovo Vantage app access to your device’s location through the Windows.Devices.Geolocation service when you enable Lenovo WiFi Security. Read this article for an introduction to this broader topic.
Lenovo’s Product Privacy Statement doesn’t mention Lenovo WiFi Security, Coronet Cyber Security, or the collection of location data. I contacted Lenovo’s dedicated privacy contact and got the following statement:
I really don’t know what to make out of Lenovo WiFi Security. I can see the value proposition, but the service doesn’t seem to deliver on it. It doesn’t provide enough information to genuinely help people make good decisions about WiFi network security. It also doesn’t block you from connecting to malicious or suspicious networks. I expected it to abort the connection and prompt me for a confirmation before establishing the connection. All you get is one easily missed notification.
I’m also surprised by the lack of transparency in how the service works and its implications on your privacy. Do you want to send your device location data to an Israeli company?
The short and long of it is that you should never connect to a public Wi-Fi access point. Lenovo WiFi Security can only leave you with the false sense of security and make you trust networks you shouldn’t use.
If you absolutely have to connect to a public WiFi access point, then the only thing that can offer you some level of protection is a virtual network provider (VPN). Assuming of course that you can trust your VPN provider and you don’t end up putting them in a position where your VPN can intercept your traffic more easily than a compromised or malicious Wi-Fi network.