Microsoft Kills Controversial Windows 10 Wi-Fi SenseMicrosoft Kills Controversial Windows 10 Wi-Fi Sense
In its latest Windows 10 build, Microsoft disables its Wi-Fi Sense feature, which allows users to easily share their networks with friends -- and, inadvertently, hackers.
May 11, 2016
Windows 10: Why These 10 New Features Matter
Windows 10: Why These 10 New Features Matter (Click image for larger view and slideshow.)
Microsoft has removed the controversial Wi-Fi Sense feature in its latest Windows 10 build amid pressure from the security community and the lack of robust user adoption.
The company noted in its Windows 10 Build 14342 blog post on Tuesday:
We have removed the Wi-Fi Sense feature that allows you to share Wi-Fi networks with your contacts and to be automatically connected to networks shared by your contacts. The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment. Wi-Fi Sense, if enabled, will continue to get you connected to open Wi-Fi hotspots that it knows about through crowdsourcing.
Security experts raised concerns about Wi-Fi Sense last year. The feature allowed users to automatically share access to their networks, without providing them the actual password.
"The sharing of information technology security credentials and authentication information has always been a heavy source of contention and controversy within the industry. It is contrary to best practices everywhere to share passwords, hidden SSID information, and even WPA2 passwords. Yet, we must share this information in order for devices to connect to wireless networks and shared online services," Morey Haber, vice president of technology at BeyondTrust, told InformationWeek in an interview.
He added: "Windows 10 WiFi was designed to make this process simple and secure by sharing WiFi information among trusted friends and peers so the information does not have to be exposed and keyed in manually. While the intention sounded great on paper, the security details and methods for exploitation became apparent after the feature was released and theoretical methodologies for exploitation emerged."
The ramifications of freely trusting the connection information with friends and peers is just as bad as publishing the SSID and password publicly, Haber noted. For example, if you are a trusted friend or team member, it could be just a matter of time before your network is compromised and jeopardizes the entire Wi-Fi Sense trusted network.
Harber applauded Microsoft's decision to disable its Wi-Fi Sense feature. The change rolled out in the Preview Build 14342 will be available generally to other Windows users as part of the Anniversary Update due to be released this summer.
"Based on the lack of implementation, security concerns, and potential issues with Wi-Fi Sense, I think Microsoft did the right thing by disabling this feature in future releases," Harber said. "Current users have some valid use-cases for the technology in temporary installations (game night, etc.), but most of those are limited to home usage. I certainly would never recommend using it in a commercial environment. Ever."
About the Author(s)
You May Also Like