Thursday, 16 June 2011 17:03

Android has a huge security hole

By David Heath

It appears that Android stores SSIDs and WPA encryption keys on Google's servers and links them to users' Google accounts.  So much for "don't be evil!" [Updated]

If early reports from TechRepublic are true - and they do appear to be - Google is about to have another PR disaster in the security area.

We all recall the "accidental" capturing of unencrypted WiFi communications by the Google Maps Streetview cars and carts as they cruised the world's highways and byways.  Well now, they've gone one better.

As far as Donovan Colbert (author of the linked article above) could tell, either his brand-new Android tablet was amazingly clairvoyant or it obtained WiFi access details from a Google server.

Most of us would suspect the latter.

Colbert explains the story in detail (we suggest you read it) but in short, he turned on a brand-new Android-based tablet, authenticated with his Google account and all of a sudden, the tablet had connected with his personal WiFi hotspot.  In addition, the tablet's hotspot list had been populated with pretty well every hotspot Colbert had ever used, including one 50km away!

As Colbert suggests, this could put a lot of free WiFi users in breach of the terms of service, which generally state that the access keys may not be shared.

Worse, it means that secured corporate keys are also being "backed up" on Google's servers.

Having read the article closely, iTWire has a couple of questions about how this worked - for instance, if Colbert needed the WPA key to authenticate to the hotspot, how was he able to tunnel through said hotspot to get the key which the tablet then used to set up the connection?  Perhaps the tablet was having a quiet chat (via Bluetooth?) with his smartphone and the two of them conspired to achieve the break-in!

iTWire has asked Google for comment, but Google has informed us that it cannot respond until the US-based experts are available in the morning.

An update to this story is available here.

 


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
