Home Business IT Security Google storing WLAN passwords in the clear

Companies may have to think twice about allowing employees with Android phones to connect to their corporate networks, following the disclosure that Google's back-up service stores WLAN passwords in the clear.

The disclosure came in the form of a blog post a week ago by Micah Lee of the Electronic Frontier Foundation.

The backup option on an Android phone is on by default. All app data, Wi-Fi passwords and other settings are backed up to Google servers. And everyone who wants to use services on an Android phone has to have a Google account.

Lee said he had discovered this flaw when he formatted his phone and flashed a stock Android ROM. He then logged into his Google account and found that he had automatically connected to his password-protected wifi.

He filed a bug with Android but was then advised that it did not cover Google Apps. He then wrote about it on Google+.

Lee's discovery assumes additional importance in view of the recent revelations that Google has been feeding users' data to the NSA.

In his bug report, Lee wrote: "The 'Back up my data' option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.

"You could implement this the same way Chrome's sync feature is implemented, with two options: Encrypt synced passwords with your Google credentials; Encrypt all synced data with your own sync passphrase.

"Since backup and restore is such a useful feature, and since it's turned on by default, it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext wifi passwords for the majority of password-protected wifi networks in the world."

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect