Business IT - Technology for your business
No. 1 Story
RIM’s PlayBook OS 2.0 goes live, native email at last
It might not be BlackBerry’s “Defence Department” trusted level of email, but the PlayBook finally gets its OS 2.0 and native email, calendaring and more, adding a new lease of life to RIM’s trim tablet.
read moreMore From
Android has a huge security hole
David Heath
Thursday, 16 June 2011 18:03
It appears that Android stores SSIDs and WPA encryption keys on Google's servers and links them to users' Google accounts. So much for "don't be evil!" [Updated]
If early reports from Tech Republic are true - and they do appear to be - Google is about to have another PR disaster in the security area.
We all recall the "accidental" capturing of unencrypted WiFi communications by the Google Maps Streetview cars and carts as they cruised the world's highways and byways. Well now, they've gone one better.
As far as Donovan Colbert (author of the linked article above) could tell, either his brand-new Android tablet was amazingly clairvoyant or it obtained WiFi access details from a Google server.
Most of us would suspect the latter.
Colbert explains the story in detail (we suggest you read it) but in short, he turned on a brand new Android-based tablet, authenticated with his Google account and all of a sudden, the tablet had connected with his personal WiFi hotspot. In addition, the tablet's hotspot list had been populated with pretty-well every hotspot Colbert had ever used, including one 50km away!
As Colbert suggests, this could put a lot of free WiFi users in breach of the terms of service, which generally state that the access keys may not be shared.
Worse, it means that secured corporate keys are also being "backed up" on Google's servers.
Having read the article closely, iTWire has a couple of questions about how this worked - for instance if Colbert needed the WPA key to authenticate to the hotspot, how was he able to tunnel through said hotspot to get the key which the tablet then used to set up the connection? Perhaps the tablet was having a quiet chat (via BlueTooth?) with his smartphone and the two of them conspired to achieve the break-in!
iTWire has asked Google for comment, but Google has informed us that it cannot respond until the US-based experts are available in the morning.
An update to this story is available here.
Loading comments ...
The Australian IT Directory
Sponsored Announcements
MITIGATE Seminar brings one of the world's top fraud experts to Australia
| MITIGATE Seminar announces six city Australian tour featuring Jonathan E. Turner
You may have missed
Advertisement
- sponsored feature -
The Death of Traditional BI: What’s Next?
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Search Job ads on iTWire - Story Pages
 |
Microsoft Office 365Try an easy-to-use set of web-enabled tools for business-class productivity services. Office 365 provides anywhere-access to email, important documents, contacts, and calendars on almost any device.  |
LATEST HEADLINES FROM YOUR IT
FOLLOW US
ARE YOU LISTED?
Live eventsVirtual events
NICTA Meet the Founder Interview Series -David Haymes- CEO Haymes Paints
Tuesday, 28 February 2012 (17:00)
See All EventsTuesday, 28 February 2012 (17:00)
