Windows 10 Mobile Wi-Fi Sense Feature Seems Like An Exploit In The Making
Wi-Fi Sense is a feature of Windows Phone 8.1, and soon Windows 10 Mobile, that allows people to connect to certain networks without effort. It works by tapping into an existing connection to a network that a friend nearby already has access to. By simply being contacts with each other, your phone could handshake with their phone and grant you the Wi-Fi password -- all obfuscated through encryption.
It's not hard to understand how this could be misused. Because this is meant to be a hands-off technology, the user who in effect grants access to a network doesn't even know it. They don't need to give the A-OK -- it's simply invisible to them. The upside, from a security standpoint, is that when connecting to a network this way, Windows Phone won't grant access to the physical network. Instead, it'll only avail actual Internet traffic.
Credit: The Register
Still, the doors seem to be wide open for some potential exploitation. The fact that a user doesn't even need to grant access is a little odd. Just because a friend allows you to use their Internet when you're at their house doesn't mean that they want everyone who tags along with you to have the same access. In a more unlikely scenario, you could be friends with someone you don't even really know, via Facebook or Skype, and if they're merely in proximity of your wireless network, they could gain access.
If the connection is limited to only the Internet, and not the local network, it's clear that Microsoft has made some great decisions here. But just how hard would it be to breach the limitation and access the network anyway? Just how encrypted and secure is the Wi-Fi password?
Make no mistake, this is a cool piece of technology. But like many other cool pieces of technology, we must be aware of the potential drawbacks. Once this feature rolls out on a wide scale, we'll see just how severe those drawbacks are.