Home Business IT Security Google storing WLAN passwords in the clear

Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


Companies may have to think twice about allowing employees with Android phones to connect to their corporate networks, following the disclosure that Google's back-up service stores WLAN passwords in the clear.

The disclosure came in the form of a blog post a week ago by Micah Lee of the Electronic Frontier Foundation.

The backup option on an Android phone is on by default. All app data, Wi-Fi passwords and other settings are backed up to Google servers. And everyone who wants to use services on an Android phone has to have a Google account.

Lee said he had discovered this flaw when he formatted his phone and flashed a stock Android ROM. He then logged into his Google account and found that he had automatically connected to his password-protected wifi.

He filed a bug with Android but was then advised that it did not cover Google Apps. He then wrote about it on Google+.

Lee's discovery assumes additional importance in view of the recent revelations that Google has been feeding users' data to the NSA.

In his bug report, Lee wrote: "The 'Back up my data' option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.

"You could implement this the same way Chrome's sync feature is implemented, with two options: Encrypt synced passwords with your Google credentials; Encrypt all synced data with your own sync passphrase.

"Since backup and restore is such a useful feature, and since it's turned on by default, it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext wifi passwords for the majority of password-protected wifi networks in the world."

ITWIRE SERIES - REVENUE-CRITICAL APPS UNDERPERFORMING?

Avoid War Room Scenarios and improve handling of critical application problems:

• Track all transactions, end-to-end, all the time and know what your users experience 24/7

• View code level details with context and repair problems quickly

• Fix problems in minutes before they wreak havoc

• Optimize your most important applications, Java, .NET, PHP, C/C++ and many more

Start your free trial today!

CLICK FOR FREE TRIAL!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect