Microsoft Surface Hub 2 SmCamera User Manual
Page 299
certification used worldwide.
Surface Hub uses Wi-Fi Direct / Miracast technology and the associated 802.11, Wi-Fi
Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the
device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2
Enterprise), issues traditionally associated with 802.11 encryption are simplified by
design.
Surface Hub operates on par with the field of Miracast receivers. So, it's vulnerable to a
similar set of exploits as all WPS-based wireless network devices. But the Surface Hub
implementation of WPS has extra precautions built in. Also, its internal architecture
helps prevent an attacker who has compromised the Wi-Fi Direct/Miracast layer from
moving past the network interface onto other attack surfaces and connected enterprise
networks.
Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi
Direct protocol. These standards are supported in modern mobile devices for screen
sharing and collaboration. Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard
released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to
communicate directly and create groups of networks without requiring a traditional Wi-
Fi Access Point or an Internet connection.
Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Devices can be
authenticated using a numerical pin, a physical or virtual push button, or an out-of-band
message using near-field communication. Surface Hub supports both push button by
default as well PIN methods.
Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery
process:
Wi-Fi Direct/Miracast attacks may target weaknesses in the group
establishment, peer discovery, device broadcast, or invitation processes.
Wi-Fi Direct vulnerability
Surface Hub mitigation
Wireless security for Surface Hub
How Surface Hub addresses Wi-Fi Direct
vulnerabilities