Unsafe default Wi-Fi connection policy and sharing settings in Windows 10 put both users’ device communications and private networks at risk of interception and attack. Windows 10 to distribute your network passwords and connect to insecure Wi-Fi hotspots by default.
Accepting the Express settings during the first-run of Windows 10 will share your network passwords with your Outlook, Skype, and Facebook contacts and connect automatically to insecure open Wi-Fi hotspots. Enabling wider network access for everyone at the expense of network security.
As a Windows 8 or 8.1 user, you’re likely already giving Microsoft the passwords to all the Wi-Fi networks you connect to regularly. With Windows 10, Microsoft have started distributing the passwords they’ve harvested from your devices freely with your contacts.
Microsoft even acknowledges in Express settings overview that “not all networks are safe.” Despite this acknowledgment, it’s still the default setting for Windows 10 to connect to open networks — no questions asked.
Microsoft are trying their damnedest to give their users what they want: constant connectivity from anywhere. To deliver that without deploying massive networks of their own, Microsoft is willing to compromise the network and device security of their enterprise and home users.
Anyone in the vicinity or an operator of an open network can intercept, manipulate, and store your traffic from an unencrypted network as its soaring through the air. The default settings in Windows 10 are to connect to Microsoft-suggested open Wi-Fi networks. This goes contrary to years of security expert advice against connecting to open and untrusted networks.
The “Suggested Wi-Fi hotspots” comes from a database that Microsoft says it’s crowdsourcing. I’m merely speculating but this likely means that when enough users have shared the same hotspot’s SSID (and possibly password?) through Wi-Fi Sense, then the hotspot will be considered an open hotspot and added to the list of suggested Wi-Fi hotspots. It also means Microsoft can blacklist specific hotspots and likely device manufacturers (from their MAC address) when especially worrisome devices or networks are known.
It’s unclear how exactly the password sharing will work in Windows 10. Either it will require a mobile internet connection to download the network credentials only when your device is in the vicinity of a shared or open network, or alternatively, it will keep an offline database of all the passwords that are shared with you on the in a wider area on the local device. The latter option seems more useful for a laptop that’s less likely to have a mobile connection available. Windows Phone 8.1 implemented only the first option — which makes sense given all the connectivity options available on a phone. Windows 10 and Windows 10 Mobile doesn’t yet seem to receive any connection information from Wi-Fi Sense so it’s not possible to verify exactly how this will work yet.
Wi-Fi Sense also uses private networks shared by your contacts to connect your devices. Likewise, your network information is shared among your contacts.
Not seeing the password only means that the user will not be bothered by having to enter it. The device will either require a mobile data connection to fetch the passwords for your contacts at your current location, or maintain a local copy of all contacts’ networks. The device must obtain an unencrypted copy of the network password to establish a connection. This means that the password will be interceptable on your contact’s devices when they access the shared network.
If you’re using the same password for your home Wi-Fi as on other websites, that password may be known to your contacts upon the installation of Windows 10. Considering that many ignore the long-standing security best-practice of not reusing the same passwords in multiple places, this could be a big security problem for some Windows 10 users.
New in Win 10 are options for choosing which broad groups of contacts to share network passwords with. Any password and network shared with you from any of these groups are accepted with no questions asked.
- Outlook.com contacts
- Skype contacts
- Facebook friends
You can share only your guest network with some extra fiddling. From Settings: Network and Internet: Wi-Fi chooses your main network from the list. Check the box for “Connect automatically”, click Connect, and then don’t check the box for “Share network with my contacts.” Repeat the process for your guest network, but reverse the order of checked/unchecked options to not connect automatically and to share the network. You can’t share your network with your contacts without also accepting to connect your devices to your contacts’ shared networks. Consider adopting a VPN solution (available in high-end routers or from third-party service providers) whenever you’re not on your home network to keep your sensitive network traffic safer.
The above quote from Microsoft isn’t entirely true. As the shared connection endpoint is inside your local network, other machines and shared resources are indeed reachable. Windows merely disables automatic methods for discovering shared network resources (same as what happens in Windows when marking a connection as Public instead of Private). There’s no proxying, tunneling, or blocking of connections to private IP address ranges when using Wi-Fi Sense on Windows Phone 8.1. I haven’t been able to test it on Windows 10 yet, but from available materials on Windows 10 there are no hints at anything like this going on.
Enterprises may have to change their bring-your-own-device policies ones those devices start sharing access to the corporate network to employees’ wider contact networks. It’ll be just as an unwanted point of entry in corporate networks as in your home network. Networks using 802.1X authentication are excluded from being shared in the Wi-Fi Sense sharing program.
As per the terms of service from my internet service provider, they can terminate my contract for sharing access with anyone outside my household. I doubt that contract-clause would be legally enforceable, but now my Windows devices have on their own decided to share my network connection with my contacts. I’m very curious as to how that court case would go down.
Network administrators can opt their networks out of the Wi-Fi Sense sharing program altogether by adding “_optout” to their network’s SSIDs. However, this doesn’t remove the checkbox for sharing the network when you join it. In the Wi-Fi Sense settings manager, the network will be listed as “Known” but also labeled “Can’t share.”
Wi-Fi Sense’s opt-out mechanism is similar to Google Location Services’ “_nomap” SSID tag. Wi-Fi Sense’s “_optout” is very generic, and I wish Microsoft would have chosen something more specific like “_nonsense”, “_noshare”, or “_private” instead.