Home Business IT Security Google storing WLAN passwords in the clear

Subscribe now and get the news that matter to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

Companies may have to think twice about allowing employees with Android phones to connect to their corporate networks, following the disclosure that Google's back-up service stores WLAN passwords in the clear.

The disclosure came in the form of a blog post a week ago by Micah Lee of the Electronic Frontier Foundation.

The backup option on an Android phone is on by default. All app data, Wi-Fi passwords and other settings are backed up to Google servers. And everyone who wants to use services on an Android phone has to have a Google account.

Lee said he had discovered this flaw when he formatted his phone and flashed a stock Android ROM. He then logged into his Google account and found that he had automatically connected to his password-protected wifi.

He filed a bug with Android but was then advised that it did not cover Google Apps. He then wrote about it on Google+.

Lee's discovery assumes additional importance in view of the recent revelations that Google has been feeding users' data to the NSA.

In his bug report, Lee wrote: "The 'Back up my data' option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.

"You could implement this the same way Chrome's sync feature is implemented, with two options: Encrypt synced passwords with your Google credentials; Encrypt all synced data with your own sync passphrase.

"Since backup and restore is such a useful feature, and since it's turned on by default, it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext wifi passwords for the majority of password-protected wifi networks in the world."

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect