|
|
Note, both my telco and Google have been invited to respond to this discovery.
So, on the quite reasonable assumption that a new android device (phone, tablet etc) is configured to use this feature automatically, and a good number of owners will not have the knowledge or foresight to disable it, Google could reasonably be assumed to have SSID and WPA encryption keys for a very significant, perhaps most WiFi access points around the world.
Certainly there will be a certain degree of flux as users discover the feature and, weighing up the privacy vs. ease-of-use will choose to remove the storage (note, disabling the feature will also cause any stored credentials to be deleted - of course they'll be deleted, Google promises).
Consider the furore that arose with the 'accidental' capture of unencrypted WiFi data by the StreetView cars, and the strident, yet totally erroneous claims by Communications Minister Conroy that banking data may have been collected (oh, how mighty are the stupid?) - data that was assessed as being possibly only a few seconds of transmission for each location.
Now consider what the effect might be of Google (should they ever choose to) being able access any and every WiFi hotspot in the world.
By the way, it was never possible for the StreetView cars to access banking details; EVERY banking session is fully encrypted independently of the encryption (or lack thereof) used in the WiFi session.
So, given all this, what might we expect?
