Google's "back up my data" feature for Android may be a convenient
and easy way to back up files, but it may also put network security at
risk by exposing the passwords of encrypted Wi-Fi networks.
On his personal blog, Electronic Frontier Foundation (EFF) staff technologist Micah Lee pointed out that the backup feature syncs all the network passwords your Android devices remember to Google's cloud storage.
"Because Android is so popular, it's likely that Google has plaintext Wi-Fi passwords for the majority of password-protected Wi-Fi networks in the world," Lee wrote.
As an Android device owner adds Wi-Fi network passwords over the
course of using the device, every new password is saved on the device.
But because Android devices aren't equipped to encrypt passwords, the
devices must be saving and transmitting those passwords in plaintext.
"With your home Wi-Fi password, an attacker can sniff Wi-Fi traffic
outside your house (without connecting to your network) and then decrypt
it all, passively eavesdropping on your private network," Lee wrote.
"If the attacker wants to do more active attacks, they can connect to
your Wi-Fi network and mount a man-in-the-middle attack to eavesdrop on
and modify any unencrypted Internet traffic," Lee added. "If you
download a file, they can serve you a malicious version instead."
In a statement to tech blog Ars Technica,
Google said that Android backup data was "encrypted in transit,
accessible only when the user has an authenticated connection to Google
and stored at Google data centers, which have strong protections against
digital and physical attacks."
Lee noted that since Google at least partly cooperates with NSA data-mining operations, it's possible that the spy agency could get hold of Wi-Fi passwords.
The Android backup feature is turned on by default on stock Android devices, which include the Nexus line of smartphones and tablets. It can be switched on or off under Backup & Reset in the stock Android Settings menu.
(Manufacturers that tweak their Android builds, such as Samsung or HTC, have their own policies.)
Backup is part of the main Android application program interface, or API, meaning other apps can use it to transmit data to the cloud in case the device is ever compromised.