What if Microsoft's WiFi sense database gets hacked?
THIS is my favorite of ALL TIME!
I just wrapped up a post on WiFi sense and was doing some more reading. And one site stated the big problem with WiFi sense was that your passwords are stored in a central location and it will likely get hacked eventually. Scroll near the bottom, you'll see it.
Generally, this is a calculated risk with centralized repositories. Password storing sites, sites which store credit card information, etc....
But, even in those cases, concerns are largely overrated. Though, at least in those cases the potential impact actually... you know... exists!
Think about this for a second. If someone gets my credit card information or site credentials they can effectively use those anywhere around the world. And they can quickly and easily leverage them en masse either directly (run up charges on credit cards using software to rapidly impact as many account holders as possible) or as a means of extortion as in the Ashley Madison case where hackers were charging the site's users to keep their affairs secret.
More often than not though, even in mass data breaches, the average person has little to nothing to fear. Your CC balance is too low, you're not worth extorting, etc.... And, many of these can be "fixed" before the breached data is exploited. Go in and change credentials, report your credit card as compromised, etc.... Unless it was a sophisticated operation, by the time the media makes you aware of the breach your data is still unused.
Worrying about this with WiFi sense however is far more ludicrous. SO WHAT?! If someone breaches Microsoft's database of network passwords... what are the odds that the person or persons involved are physically near you? What are the odds that they care about gaining access to your network? And if they care that much about your network specifically and have the sophistication to bypass the security in place protecting that repository, what chance does your consumer grade protected WiFi have against such hackers? NONE (NOTE: WiFi sense will NOT store Enterprise grade authentication credentials, hence the consumer grade note). WiFi is a proximity based technology. Having the SSID and password is meaningless if you're in another country... or heck, too far into my backyard.
This should, quite literally, be the lowest form of all security concerns on WiFi sense. It is SEVERAL ORDERS OF MAGNITUDE more likely that through legitimate use of the feature you would inadvertently grant some malicious individual who can feasibly be in range of your router access to your internet connection. It is also equally likely that you'd have given that person the WiFi password if they had asked for it.
Many of the paranoid masses are pointing to things like someone downloading a movie or song illegally and then being sued over it, which sounds like an innocent thing any of your friends might do... or if you have kids, their friends. And guess what? If you give your friends your password, they are likely to give it away to their friends. Whereas, if your kids only have WiFi access by virtue of WiFi sense (i.e., you never gave them the password directly), then they can't share it with their friends in the first place... though they may just use your kids' devices to perform those illegal activities.
If you're paranoid however, you probably have a bunch of things in place which would circumvent or mitigate the damage from WiFi Sense anyway, like a guest network with a bandwidth cap, not broadcasting your SSID, and/or using MAC filtering. And, you'll probably also turn off WiFi Sense on your devices anyway.
If you're not in that group, you probably have a small army of people who have access to your WiFi already and, unless you regularly cycle passwords, couldn't stop them from doing the same things you're now worried people will do with WiFi sense.