Surprise! Windows 10 loves to spread your WiFi password

Surprise! Windows 10 loves to spread your WiFi password

Windows 10's Wi-FiSense feature has a security risk, which will actively share WiFi passwords with users' contacts, posing a threat to network security. These contacts include users' Outlook.com contacts, Skype contacts, and Facebook friends (users need to actively enable it).

Microsoft launched the Wi-FiSense feature to make it easier for users to use wireless networks: if you walk into a WiFi network and your friend knows the password of the network, if you both use Wi-FiSense, you can also log in to the network directly. But convenience may also bring security risks. Although Wi-Fi Sense will not show the plain text password to your family, friends or acquaintances, if the other party also runs Wi-FiSense, they can access your WiFi network.

These passwords are stored on Microsoft's servers and will be copied to the corresponding devices when the conditions are met, but Microsoft doesn't let you see them. How successful the Wi-FiSense feature will be is still unknown.

Microsoft wrote in the FAQ section of Wi-FiSense: "For the network you want to share, its login password will be sent to Microsoft over an encrypted connection and stored as an encrypted file on Microsoft servers. In the future, when your friends use Wi-FiSense and are in the coverage area of ​​the WiFi network, the system will send a secure connection to your contact's phone."

Microsoft also added that Wi-FiSense only provides Internet access and prohibits others from connecting to other content on the wireless LAN. This sounds smart, but it may be difficult to implement. If a computer is connected to a protected WiFi network, then its key must be known. If the computer knows the key, then the user or hacker can find the key in the computer, log in to the network, and gain full access.

In theory, if an outsider wants to use your company's WiFi network, they only need to become friends with one or two employees of your company, and then enter the network coverage area, and they can use it at will.

In fact, Windows Phone based on Windows 8.1 already supports this feature. If you enter the password on your Lumia phone, it means you don't have to enter it on your laptop again, because you are your friend. Given the limited market share of Windows Phone, its threat is not very big at present.

However, if all laptops within the corporate WiFi network coverage are installed with Windows 10, the security risk is huge. In addition, if you allow WiFiSense to obtain your Facebook contacts, Microsoft will also obtain your Facebook friends list and provide them with the WiFi password.

To address the security vulnerability, Microsoft recommends that users add their WiFi network names (SSIDs) to a block list to prevent Wi-Fi Sense from obtaining relevant information.

In Windows 10, Microsoft turns on Wi-Fi Sense by default and shares the WiFi password with contacts, unless the user actively sets it up when connecting for the first time. Although turning off Wi-Fi Sense will cause some trouble to users, it can improve network security.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<:  Meizu partner product bong X review: a very elegant smartwatch

>>:  What is different about the Honor 7, other than just fingerprint recognition and all-metal?

Recommend

How did people keep warm before cotton was introduced to China?

Author: Duan Yuechu Throughout human history, res...

I have summarized 8 ways to attract traffic from Douyin

When the graphic and text fields and other fields...

8 years after Steve Jobs' death, is Tim Cook a qualified Apple CEO?

October 5, 2019, coincided with the 70th annivers...

Little dirty! How to make APP operation and promotion "hard" and "soft"

APP operation and promotion , to put it simply an...

Dizziness "first reaction": Is it Meniere's?

For many friends who suddenly feel dizzy, their f...

How can you quickly achieve results for a new SEM promotion account?

When you don't know an industry and take over...

How does a frog's slippery tongue catch a fly?

When it comes to frog hunting, the following scen...

"Hyper High-Speed ​​Rail" prototype test was successful and looks sci-fi

Although airplanes can transport passengers to th...

The transmission and response mechanism of touch events in iOS

All inherited responder objects UIResponder can r...

How can Douyin increase followers quickly and effectively?

There are three ways to increase followers: conte...