Home Business IT Security Google storing WLAN passwords in the clear

Companies may have to think twice about allowing employees with Android phones to connect to their corporate networks, following the disclosure that Google's back-up service stores WLAN passwords in the clear.

The disclosure came in the form of a blog post a week ago by Micah Lee of the Electronic Frontier Foundation.

The backup option on an Android phone is on by default. All app data, Wi-Fi passwords and other settings are backed up to Google servers. And everyone who wants to use services on an Android phone has to have a Google account.

Lee said he had discovered this flaw when he formatted his phone and flashed a stock Android ROM. He then logged into his Google account and found that he had automatically connected to his password-protected wifi.

He filed a bug with Android but was then advised that it did not cover Google Apps. He then wrote about it on Google+.

Lee's discovery assumes additional importance in view of the recent revelations that Google has been feeding users' data to the NSA.

In his bug report, Lee wrote: "The 'Back up my data' option in Android is very convenient. However it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.

"You could implement this the same way Chrome's sync feature is implemented, with two options: Encrypt synced passwords with your Google credentials; Encrypt all synced data with your own sync passphrase.

"Since backup and restore is such a useful feature, and since it's turned on by default, it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext wifi passwords for the majority of password-protected wifi networks in the world."

FREE WHITEPAPER - REMOTE SUPPORT TRENDS FOR 2015

Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.

DOWNLOAD!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect