Microsoft WiFi Sense Hurts WiFi Security

By Greg Keller Posted August 20, 2015

wifi sense

Note: WiFi Sense was a new feature built into the first Windows 10 update in 2015. However, in the Summer of 2016 this feature was disabled in the Windows 10 Anniversary update.

Blair Hanley Frank recently penned an article about Microsoft’s inclusion of its WiFi sense functionality into Windows 10. WiFi sense enables friends and colleagues to share their WiFi access. Users simply share their WiFi network access to their contacts, which could potentially include all of their Facebook friends.

WiFi Sense and Security

WiFi Sense a Security feature?

Perplexingly, Microsoft is claiming that this feature is actually a security feature. The idea is that by letting the computers share the WiFi access, you don’t need to actually share the passphrase. Furthermore, Microsoft is claiming that anybody that receives this shared access will only be able to access the Internet and not other resources on the network. It’s unclear what safeguards Microsoft puts in place around this, but an enterprising hacker may be able to circumvent them, so placing that responsibility in the client is a gamble. Network access should be controlled in the infrastructure, instead of placing that trust in the server.

The problem with this functionality is that users may inadvertently share access to their company’s network. If sharing isn’t explicitly turned off for all of your employees, you just don’t know where your access has been transferred. While those users who have the shared credentials may not have the explicit passwords, they still will know that they can access a network. As an IT admin, this is the type of risk that will keep you up at night. Controlling who has access to your network is a fundamental part of the job.

Keep Your WiFi Network Protected

Guard against WiFi Sense with RADIUS-as-a-Service

JumpCloud’s Directory-as-a-Service solution resolves the open security hole that Microsoft’s WiFi Sense creates through the implementation in Windows 10.

With JumpCloud, there’s no passphrase to share through WiFi Sense, each login is authenticated to a specific username and password. That means that you still can control access to your network on a user-by-user basis, without the heavy lifting. Most importantly, Microsoft’s functionality doesn’t do an end run around your network controls.

If you’re an IT admin, your favorite part may be that you no longer need to worry about training your users not to share their network accounts via WiFi Sense. You simply leverage JumpCloud’s cloud-based directory service with RADIUS integration to provide control over each user’s access.

To learn more how JumpCloud protects you from the Microsoft’s WiFi Sense functionality, drop us a note. We also encourage you to sign up for a free account. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts