Just in case you haven’t already donned
a tinfoil hat in light of Edward Snowden’s NSA revelations, here’s a little
extra motivation. According to the Electronic Frontier Foundation (EFF),
Android users who use the “back up my data” feature on their devices could be
serving up their Wi-Fi passwords to data harvesters like the NSA.
Disclaimer: No evidence exists that the
NSA is actually logging passwords and it is irresponsible to suggest otherwise
unless actual evidence is provided. EFF has demonstrated that it is simply
possible.
“The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.” [ArsTechnica]
Ostensibly, Android’s backup feature is
outstanding and frankly a responsible thing to use. It sends data including
your call logs, system settings, and browser bookmarks to Google’s cloud so
they can be easily retrieved should you lose your phone. Unfortunately, since
the data is sent in plain text, any information requests could very well
include more sensitive data like your Wi-Fi passwords.
“Since backup and restore is such a useful feature, and since it's turned on by default,” wrote Lee, “it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext Wi-Fi passwords for the majority of password-protected Wi-Fi networks in the world.”
And if that’s not unsettling enough,
don’t forget that Google also mapped most of those Wi-Fi networks with their
Street View program. It wouldn’t take much to link the location of the network
and the corresponding password for anyone interested in snooping.
Have we mentioned you should use a VPN when you’re on Wi-Fi?
No comments:
Post a Comment