Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?

Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.

Windows 10 Wi-Fi Sense is a new Windows feature that gets no respect.

Widely viewed as controversial, Wi-Fi Sense makes it easier to share access to public and private Wi-Fi hotspots -- and, in the process, makes it easier and more seamless for users to connect to those hotspots automatically. Though some experts recommend turning it off entirely, others say organizations may find it useful. And enterprise Wi-Fi networks using 802.1x for user authentication don't have to worry at all, as Wi-Fi Sense can't share those access credentials.

While there have been no reports yet of attacks, exploits or vulnerabilities associated with using Windows 10 Wi-Fi Sense, some experts are convinced there will be in the future. Microsoft still stands behind Wi-Fi Sense as a useful feature, and experts agree it may be useful for consumers -- and even professional users. Here's a closer look at the debate around this new feature.

What's the problem?

"Wi-Fi Sense was obviously created with consumers, not businesses, in mind," said Craig Mathias, principal of Farpoint Group, an IT consultancy based in Ashland, Mass. "We recommend all Wi-Fi networks be secured, so the ability to connect to an 'open' network would make no sense," he said. "Sharing credentials is extremely dangerous, so the rest of Wi-Fi Sense also makes little sense."

Microsoft's aggregation of network access credentials is seen as part of the problem, even though Microsoft has said the credentials are encrypted and never exposed to the users they are shared with. A concentrated collection of Wi-Fi passwords is viewed as an attractive target for attackers. Microsoft has also been vague about how the passwords are protected, leaving some uncertainty over whether they are truly out of reach of sophisticated users or attackers.

However, there may still be a place for Windows 10's Wi-Fi Sense in some settings. "If you follow the guidelines and ensure you have rules in place then you will be safer using Wi-Fi Sense than connecting to the first public network called 'Free_Secure_WiFi'," according to Mark James, security specialist at antivirus vendor ESET. "If you want to offer these services to your employees or business contacts then it's a better way of doing it than having numerous bits of paper printed with passwords ready for the receptionist to hand out at will."

James also suggested enterprises offer guests "a separate, 'dirty' Wi-Fi network to connect to" rather than the main network in order to keep guests out of corporate production networks. But enterprises shouldn't stop there, according to Mathias. "Additional security procedures -- starting with identity management -- beyond Wi-Fi security are also always recommended," he said.

There are still reasons to avoid Windows 10 Wi-Fi Sense, the most important one being privacy: the two-way sharing requirement allows Microsoft to harvest all the contacts a user chooses to share with. Users can opt to share -- or not share -- Wi-Fi access with Facebook friends, contacts and Skype contacts, but there is no further granularity. Sharing is all or nothing within each of those categories.

There is also the "friend of a friend" problem. Even if a user opts out of Wi-Fi Sense entirely, if she gives her Wi-Fi password to a friend who is using Wi-Fi Sense, that friend can in turn share the credential with her own contacts.

What is Windows 10 Wi-Fi Sense?

Wi-Fi Sense first rolled out with Windows Phone 8.1 as a way to automatically distribute access to Wi-Fi access points, with roots in the "Open Wireless" movement championed by the Electronic Frontier Foundation. Now that it's a part of Windows 10, enabled by default in Windows 10 "Express settings" installation, Wi-Fi Sense has a far larger installed base than it did when it was limited to users of Windows Phone OS.

Wi-Fi Sense allows users to share access to Wi-Fi access points without having to expose their passwords; Microsoft encrypts and stores the passwords -- where required -- and provides the decrypted passwords when prompted by the Wi-Fi router, preventing users from seeing the unencrypted passphrases.

The first limitation on Wi-Fi Sense is that it works only for Windows 10 users who are signed into their Microsoft accounts; their contacts can only use Wi-Fi Sense if they, too, are running Windows 10 and logged into their Microsoft accounts. Wi-Fi Sense isn't available in all countries/regions, another potential limitation for some.

Furthermore, sharing is strictly two-way: a user can access networks shared by his contacts only if he shares at least one network himself. Sharing happens when a user opts in the first time he connects to a Wi-Fi network.

There are two different categories of Wi-Fi networks that can be shared: "suggested open hotspots," such as those offered in coffee shops; and "networks shared by my contacts," such as those used in private homes or offices.

The idea behind sharing public networks is to promote seamless mobile computing, as envisioned by the Open Wireless movement. Wi-Fi Sense will: "Automatically connect you to open Wi‑Fi networks it knows about by crowdsourcing networks that other people using Windows have connected to. These are typically open Wi‑Fi hotspots you see when you're out and about," as Microsoft explains in the Wi-Fi Sense FAQ. Users have control over whether or not they share networks in either category.

While Wi-Fi Sense is enabled by default in the "express" installation option for all editions of Windows 10, when a user first connects to a new Wi-Fi network he must explicitly choose to add that network to the list of networks he is willing to share with his contacts.

How to manage Windows 10 Wi-Fi Sense

"The best way to handle Wi-Fi Sense in your enterprise is to first establish if it can work in your environment," James said. Users in enterprises using the 802.1x protocol for Wi-Fi network access authentication will not be able to share access to those networks at all -- those credentials will not work. When accessing Wi-Fi with the 802.1x protocol, the user -- as well as the device -- is authenticated through an enterprise authentication server. With 802.1x, a Wi-Fi password is necessary but not sufficient for a user to access the network.

"Once you have decided if it is right or wrong for you, then using group policy objects (GPO) will be the best way to allow or deny the use in your network," James said, adding that "setting these parameters globally will stop anyone making their own decisions as to whether they should or not." James added if you plan to use Wi-Fi Sense, "the same GPO could be used to allow and deny for certain groups of users, as realistically you would not want everyone deciding to share your Wi-Fi to all their Facebook friends."

Some experts go so far as to recommend turning Windows 10 Wi-Fi Sense off completely. Microsoft outlines a number of ways to configure or disable Wi-Fi Sense. In addition to managing a group policy object through the Windows Group Policy editor, administrators can use the Registry editor to add a DWORD value named "AutoConnectAllowedOEM" and set it to 0 to disable Wi-Fi Sense.

Wi-Fi Sense can be disabled through Windows Provisioning, by changing the Windows Provisioning setting, "WiFISenseAllowed," to 0. It can also be disabled by changing the Unattended Windows Setup setting, "WiFISenseAllowed," to 0.

To opt a Wi-Fi network out of Wi-Fi Sense entirely, Microsoft recommends that the network administrator include the string "_optout" somewhere in the Wi-Fi network name, also called the SSID. "For example, mynetwork_optout or my_optout_network," according to the Wi-Fi Sense FAQ.
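The two opt-out mechanisms above (the AutoConnectAllowedOEM registry value and the "_optout" SSID marker) are easy to state but easy to get wrong at scale. The following PowerShell is an added example written for this article; it is not code from the article, from the quoted experts or from Microsoft. It audits the local machine's Wi-Fi Sense registry setting, can enforce the value the article names, and checks a list of SSIDs for the "_optout" marker while also catching a practical failure mode: an SSID that exceeds the 32-byte maximum 802.11 allows once the suffix is appended. The registry key path is an assumption drawn from Microsoft's documentation for that value and should be confirmed for the build you manage; the function names (`Get-WiFiSenseState`, `Disable-WiFiSense`, `Test-SsidOptOut`) and the sample SSIDs are constructed for the example.

```powershell
# Added example (not from the article or from Microsoft): audit and enforce the
# Wi-Fi Sense opt-outs the article describes.
#
# ASSUMPTION: the registry path below is the location Microsoft documents for
# the AutoConnectAllowedOEM value on Windows 10. Confirm it against the Wi-Fi
# Sense documentation for your build before rolling it out through GPO.
$WiFiSenseKey = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
$ValueName    = 'AutoConnectAllowedOEM'

function Get-WiFiSenseState {
    <#
    Reports the local machine's Wi-Fi Sense setting:
      Disabled      - the value exists and is 0
      Enabled       - the value exists and is non-zero
      NotConfigured - key or value is missing, so the Windows default applies
    #>
    $item = Get-ItemProperty -Path $WiFiSenseKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-WiFiSense {
    # Writes the DWORD = 0 the article mentions. Needs an elevated session (HKLM).
    if (-not (Test-Path $WiFiSenseKey)) {
        New-Item -Path $WiFiSenseKey -Force | Out-Null
    }
    New-ItemProperty -Path $WiFiSenseKey -Name $ValueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
    return (Get-WiFiSenseState)
}

function Test-SsidOptOut {
    <#
    Checks one SSID against two constraints that matter when following the FAQ
    advice quoted in the article:
      1. "_optout" appears somewhere in the SSID. The match is case-sensitive:
         the FAQ shows the marker in lower case, and whether a case variant is
         honoured is not documented, so the safe choice is to require it exactly.
      2. The SSID still fits the 32-byte maximum 802.11 allows; a 7-character
         suffix pushes long departmental names over that limit.
    Returns an object so results can be piped to Format-Table or Export-Csv.
    #>
    param([Parameter(Mandatory)][string]$Ssid)
    $bytes = [System.Text.Encoding]::UTF8.GetByteCount($Ssid)
    [pscustomobject]@{
        Ssid       = $Ssid
        OptedOut   = $Ssid -clike '*_optout*'
        ByteLength = $bytes
        Valid      = ($bytes -ge 1 -and $bytes -le 32)
    }
}

# Constructed sample SSIDs for a dry run; these are not real networks.
$sampleSsids = @(
    'mynetwork_optout',                       # opted out, valid length
    'CorpGuest',                              # not opted out
    'CorpGuest_OPTOUT',                       # case variant: reported as not opted out
    'VeryLongDepartmentalNetworkName_optout'  # marker present but 38 bytes: too long
)

$sampleSsids | ForEach-Object { Test-SsidOptOut -Ssid $_ } | Format-Table -AutoSize

Write-Host "Local Wi-Fi Sense state: $(Get-WiFiSenseState)"
# To enforce on this machine from an elevated prompt: Disable-WiFiSense
```

Run the script as-is to see the SSID audit and the current registry state; `Disable-WiFiSense` is deliberately not called at the top level so that an audit run never changes the machine. In an enterprise, the same value would normally be delivered through the group policy object James describes rather than by running the function on each host; the function is useful for verifying that the policy actually landed.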

The jury remains out on whether Wi-Fi Sense is a useful feature or a potential vulnerability. "I'm one who remains dismissive of what could easily be construed as yet another tool for hackers," Mathias said.

But whether enterprises are sharing Wi-Fi access through Wi-Fi Sense or sharing passwords through less formal methods, experts agreed that security teams must have adequate controls in place around those Wi-Fi networks. "As with any security measures, you have to have a basic set of rules that everyone is aware of," James said. "If you give someone your secure WPA2 Wi-Fi password but don't make any conditions on what they can do with it, then you are opening yourself up for possible abuse of that privilege."
