Slashdot Mirror


Google Storing WLAN Passwords In the Clear

First time accepted submitter husemann writes "Micah Lee from the EFF filed a bug report about Google storing all your WLAN passwords on their application settings backup service without allowing you to encrypt them. So far it's not known whether the passwords are stored encrypted at rest, but just the fact that Google can read them (and disclose them if forced by 'law') is a bit surprising, to put it nicely. Already one German university is concerned enough about this 'feature' that they issued a warning to their users."

242 comments

  1. Too much trust by Linux+User+33 · · Score: 5, Insightful

    I think this is perfect example again that we put too much trust on Google. They have repeatedly broken that trust and yet some people continue to trust them. This data also goes directly to NSA and FBI. I think both FCC and European Commission should hit them hard, up to jailing the top executives.

    1. Re:Too much trust by gl4ss · · Score: 5, Funny

      you're wrong, they have time and time assured that the data doesn't go DIRECTLY to NSA. it goes through their servers, see, and they get to bill for it.

      --
      world was created 5 seconds before this post as it is.
    2. Re:Too much trust by Anonymous Coward · · Score: 0

      The FCC won't do anything. In fact I'd bet the NSA threatened Google, MS, Apple and all the other companies betraying their customers with difficulties from the FCC and other agencies if they didn't comply.

    3. Re:Too much trust by Anonymous Coward · · Score: 1

      Even better-- with PRISM, it goes through their servers, then to a private company who is working on behalf of the NSA, then to the NSA. So that way all the big companies can issue the same boilerplate denial "the government has no DIRECT access to our servers".

      Sadly, this just shows that even in this spying stuff, the government is horribly inefficient and is paying way more than what the data is worth because it is getting marked up 100+% with each level of capitalist bureaucracy it has to go through.

    4. Re:Too much trust by Jeremiah+Cornelius · · Score: 2

      Correct. Meter the tap. That's why we have lobbies, my boy!

      Now, what is this item? "Central Services"....

      "Have you got a 27B / 6 ?"

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    5. Re:Too much trust by kasperd · · Score: 3, Interesting

      I think this is perfect example again that we put too much trust on Google.

      Google isn't the problem. The American government is. Which means if you want to be safe, stay away from USA and don't trust any companies based there.

      If you happen to live there already, maybe it is about time you let the government know, you are not satisfied with their work.

      --

      Do you care about the security of your wireless mouse?
    6. Re:Too much trust by Linux+User+33 · · Score: 1

      Google could move completely offshore if that is the problem. But they don't want to.

    7. Re:Too much trust by Anonymous Coward · · Score: 0

      You really think the NSA or congress gives a fuck about spending your money?

    8. Re:Too much trust by Jeremiah+Cornelius · · Score: 2

      They care DEEPLY.

      They are made rich, by doing so.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    9. Re:Too much trust by Anonymous Coward · · Score: 0

      If you happen to live there already, maybe it is about time you let the government know, you are not satisfied with their work.

      That thinking is un-patriotic, un-american and will probably get your name added to a number of watch lists.

      Either way it would change nothing. You can change one politician for another and the same will happen.
      http://www.ted.com/talks/lawrence_lessig_we_the_people_and_the_republic_we_must_reclaim.html

      The entire political system needs changing and that will not happen without a worldwide revolution.

    10. Re:Too much trust by Grishnakh · · Score: 4, Informative

      Not trusting any American companies with your data is of course prudent, in light of PRISM, however this doesn't mean your data is safe anywhere else either: if it's in France, Germany, or UK, they all have spying programs that are just as bad. And even if you keep your data in a relatively-safe country that probably has no spying at all, such as Switzerland or Iceland, that's no guarantee that the company hosting your data isn't just plain incompetent. If Google can make a mistake like this, anyone can.

      Of course, since it's impossible to be 100% risk-free, it does make sense to try to mitigate that risk by avoiding obviously-bad choices, like using American companies.

    11. Re:Too much trust by F.Ultra · · Score: 1

      While the UK, Germany and France seem to spy on the data travelling on their national fibers, there is as far as I know yet no indication that they also force companies to hand over user data at will like it's done in the US. Unless I missed something.

    12. Re:Too much trust by Anonymous Coward · · Score: 0

      This data also goes directly to NSA and FBI. I think both FCC and European Commission should hit them hard, up to jailing the top executives.

      I'd rather the European Union classify these executives as terrorists and issue death warrants. Foreign operatives arrive on US soil and neutralize the terrorists before slipping quietly into the night. All under the sanction of the EU court.

    13. Re:Too much trust by NatasRevol · · Score: 1

      What the fuck is the difference?

      --
      There are two types of people in the world: Those who crave closure
    14. Re:Too much trust by Anonymous Coward · · Score: 0

      It's not so much about trusting Google, but about how much trust you place in *any* device or service.

      Have no expectation of privacy or be prepared for disappointment.

    15. Re:Too much trust by gander666 · · Score: 1

      Fuck. You post that on a day I don't have mod points. :-)

      --
      Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    16. Re:Too much trust by St.Creed · · Score: 3, Insightful

      No serious company can afford to move completely offshore, out of touch with its armed defense (the US army), unless it has ties to another set of rulers. Social and economic ties to the USA are all very strong for Google. They could never move.

      They could move their HQ - I'm sure they'd find out pretty soon that it would be difficult to get the same access to the rulers as they have locally. They didn't go to school with the players, they aren't married to people who know the players, they don't have the right employees, they don't really know the customs, etc. etc. I'm sure you can rebuild Google somewhere else, if you must, but it will only be the name and not the company that moves.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    17. Re:Too much trust by St.Creed · · Score: 1

      Well,

      one set of governments is forcing you to smile and bend over, then takes whatever it needs. The other set takes whatever it needs but you don't know for sure that they do. Both are bastards but the first one is cruel to boot.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    18. Re:Too much trust by Anonymous Coward · · Score: 0

      That is assuming these companies put up even a little resistance.

    19. Re:Too much trust by kasperd · · Score: 1

      Google could move completely offshore if that is the problem. But they don't want to.

      • Google's largest engineering offices are in USA. It is not a given that Google would survive, if the majority of those engineers were unwilling to move offshore.
      • A significant percentage of Google's server capacity is in USA. Moving that offshore would be a major undertaking, and it would screw over the users in USA, who would get a much poorer service.
      • Major shareholders are in USA. I am not sure they would actually accept moving the company offshore.
      --

      Do you care about the security of your wireless mouse?
    20. Re:Too much trust by vilanye · · Score: 0

      But Google is a member of the ruling class. We live in a fascist state.

    21. Re:Too much trust by kasperd · · Score: 1

      If you happen to live there already, maybe it is about time you let the government know, you are not satisfied with their work.

      That thinking is un-patriotic, un-american

      Democracy is un-american?

      --

      Do you care about the security of your wireless mouse?
    22. Re:Too much trust by PopeRatzo · · Score: 3, Interesting

      the data doesn't go DIRECTLY to NSA. it goes through their servers, see, and they get to bill for it.

      And if there is one thing that history has taught us, it's that if they're giving your passwords to the government, then they're also selling it to the highest bidder.

      I thought about that with the Edward Snowden/Booz Allen stuff. Now Booz Allen is a firm that, besides the government, has a lot of private clients that hire them to do the data upskirting. If they're collecting stuff for the NSA, how much are you prepared to trust that none of that stuff is also going to their private clients. I know if I was some evil company looking for your personal data, and Booz Allen was my consultant, I'd be expecting a little "benefit" from their relationship to the NSA, know what I mean?

      The ugliest part of the corporate/government intrusion into our personal lives and information is the fact that so much of it is being privatized to companies who also work for other companies and maybe other individuals who all have their own reasons for wanting your shit.

      --
      You are welcome on my lawn.
    23. Re:Too much trust by Anonymous Coward · · Score: 1

      America loves Democracy, we try to spread it everywhere, whether it is wanted there or not. We simply have no use for it at home.

    24. Re:Too much trust by Darinbob · · Score: 1

      Just don't trust them, it's simple. First time I saw this option, I knew it was a terrible idea. Anything in "the cloud" should automatically viewed with skepticism and distrust, and even more so if it's Google. You can back up the data on your local computer instead.

    25. Re:Too much trust by Darinbob · · Score: 1

      The real scandal will occur when the government refuses to pay their bills. Nothing gets the overlords madder than a failure to pay.

    26. Re:Too much trust by gl4ss · · Score: 4, Informative

      What the fuck is the difference?

      the difference is quite simple: with the french you can just treat them as normal eavesdroppers on your tcp connection. like some dude hanging on the same open AP. the solution to that is to just have encrypted connections to whatever service you want to use..

      but with nsa and and ms/google/yahoo whoever.. it doesn't matter that your connection to them was encrypted, as they as your "business partner" sell the data off to nsa(forcibly, but they still get a buck). with them the only way is to not use their services - or any american hosted/owned services.

      it's not a great difference, but a difference still.

      --
      world was created 5 seconds before this post as it is.
    27. Re:Too much trust by Jeremiah+Cornelius · · Score: 2

      World was created five seconds AFTER this post. Writing it is false memory - implanted at moment that the physical universe WILL BE instantiated.

      I think I think, therefore I think I am. ;-)

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    28. Re:Too much trust by Anonymous Coward · · Score: 1

      For now at least 51% of the voting shares are owned by Page, Brin and Schmidt. If those three wanted to do it, I'm not sure the rest of the shareholders could do anything about it.

    29. Re:Too much trust by lgw · · Score: 2

      "Fascist" has never meant that, except in the fantasy of socialists who can't accept that the National Socialist party really was socialist (which, BTW, was very progressive on stuff like minimum wage and universal health care and pensions and so on, at least for non-Jews - didn't stop them from being totalitarian militarists).

      The "ism" for government-by-corporation is "mercantilism". Remember, for a couple of centuries it was normal and expected for the government to send the army/navy to protect the interest of the nation's corporations (each of which would have a government-granted monopoly in its area of business). We may still have mercantilistic tendencies in the US government, but it's not accepted (by most) as normal or desirable, unlike a few hundred years ago when that's what government was for.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    30. Re:Too much trust by kasperd · · Score: 2

      For now at least 51% of the voting shares are owned by Page, Brin and Schmidt. If those three wanted to do it, I'm not sure the rest of the shareholders could do anything about it.

      You are probably right about that. And those three are smart people, who will think about what they can expect to achieve with such a move. I believe they have reached the conclusion, that they are more likely to reach a desirable situation for their users by staying in the USA and influencing the political system there.

      Remember that moving doesn't mean you can be completely unaffected by what happens in the USA, and certainly users who are still in the USA are not unaffected. And at the same time moving away reduces the influence you can have on the political system in the USA.

      --

      Do you care about the security of your wireless mouse?
    31. Re:Too much trust by thoughtlover · · Score: 1

      I think this is perfect example again that we put too much trust on Google.

      Google isn't the problem. The American government is. Which means if you want to be safe, stay away from USA and don't trust any companies based there. If you happen to live there already, maybe it is about time you let the government know, you are not satisfied with their work.

      Says the guy that lives... where? Now that it's been discovered that the German, UK, French, and Russian govs are doing the same to their citizens (as well as India, China, Saudi Arabia, need I go on?), we can clearly stop blaming the once-500-pound gorilla. It's a new 'arms race', but the arms aren't nuclear anymore; they're databases, the devices that can fill them, and the software that can sort through the noise. Many of these companies that make and sell this technology to the US gov are selling it to as many other governments as they (legally) can.

      What we need is a powerful, federal, shield law that allows whistleblowers and journalists to do their job without fear of unjust reprisal. Unfortunately I don't see common sense politics like that happening till the PATRIOT Act is entirely removed.

      --
      No sig for you! Come back one year!
    32. Re:Too much trust by Anonymous Coward · · Score: 1

      What the fuck are you on about? This is users specifically asking Google to store their password for convenience, so that new devices can be configured quickly. There's even an easy switch to turn it off. No controversy here at all except a dumb manufactured one.

      Also, Google is one of the few large corporations which has actually time and again fought for their users against the government. They were the first to issue transparency reports, have gone to court many times to fight overreaching requests for data, and are now suing the US government to try and put an end to all this bullshit.

      Oh wait, you're a Microsoft shill - your history betrays you. GTFO.

    33. Re:Too much trust by Anonymous Coward · · Score: 0

      "When we announced three weeks ago that we had mistakenly included code in our software that collected samples of payload data from WiFi networks..." -Google, June 9, 2010

      This is nothing new and it's always a "mistake". What they are saying, including all of the other companies out there that do things like this, is that mistakes will continue to be made, always to your loss and their gain.

      It's called "classical conditioning". At this point it doesn't matter what they do that's bad or even against the law, even if it's being repeated in another form in this case, because the masses all get a treat(dopamine fix) every time something like this happens. We will shortly see the new app or feature from Google such as Google++ and most people won't care what just happened.

      Keep clicking on your pad/phone/computer you bunch of monkeys, be sure your little farm is up to date, be sure your angry birds are being tossed, be sure your candy is being crushed, gotta get that dopamine fix.

    34. Re:Too much trust by Plumpaquatsch · · Score: 1

      "Fascist" has never meant that, except in the fantasy of socialists who can't accept that the National Socialist party really was socialist

      As per the definition provided by the Nazis (based on that by Oswald Spengler). "Our adopted term 'Socialist' has nothing to do with Marxist Socialism. Marxism is anti-property; true Socialism is not." - Adolf Hitler.

      As for Spengler: http://en.wikipedia.org/wiki/Preussentum_und_Sozialismus#Rebuke_of_Marxism_and_definition_of_.22true_socialism.22 "True socialism according to Spengler would be in the form of corporatism, stating that "local corporate bodies organized according to the importance of each occupation to the people as a whole; higher representation in stages up to a supreme council of the state; mandates revocable at any time; no organized parties, no professional politicians, no periodic elections."

      IOW they were "socialist" in the same way they were "Scottish". True,

      --
      Of course news about a fake are Fake News.
    35. Re:Too much trust by pentadecagon · · Score: 1

      Just curious ... when have they intentionally broken trust?

    36. Re:Too much trust by fustakrakich · · Score: 1

      Of course you are, my bright little star...

      --
      “He’s not deformed, he’s just drunk!”
    37. Re: Too much trust by Jeremiah+Cornelius · · Score: 1

      There you go man. Keep as cool as you can...

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. This is why I turned off backup by DigitAl56K · · Score: 5, Insightful

    I turned off Backup on Android after discovering this. They're going to have to store them in the clear (or I guess reversible), so that the "backup" is reversible - i.e. you recover your backup or add a new phone to your account and it "just works" with your wifi.

    However, there's no in-between. I can't choose to backup certain things but exclude very sensitive things, like my wifi password and other credentials. Given what we know about government snooping and the constant notices of breached databases these days, I just don't want to use the backup feature at all, and anyone who does is taking a bit of a gamble IMO.

    Can't we have a sub-option to "also include credentials", at the very least?

    1. Re:This is why I turned off backup by gstoddart · · Score: 4, Insightful

      I turned off Backup on Android after discovering this.

      I turned it off before I ever knew this, because I'm increasingly finding that I don't trust Google -- either in intent or execution.

      All they want to do is collect all of your information and use it to sell advertising, they don't give a damn about your privacy.

      And that stupid Google+ might be the last straw since everything is trying to foist it on me and I have no interest in it.

      But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

      --
      Lost at C:>. Found at C.
    2. Re:This is why I turned off backup by DigitAl56K · · Score: 5, Insightful

      But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

      I am fine with trusting Microsoft and Google, and indeed anyone with a reliable infrastructure, to provide a backup hosting service that significantly improves the experience with my phone in the event of a disaster. I'm just not fine with entrusting them with access to the contents of those backups, especially when I may not even be aware of or have granular control over what is in them.

      A backup passphrase that only I know, and restricting processing to the client-side, would be sufficient to achieve this.

    3. Re:This is why I turned off backup by hawguy · · Score: 1

      I turned off Backup on Android after discovering this. They're going to have to store them in the clear (or I guess reversible), so that the "backup" is reversible - i.e. you recover your backup or add a new phone to your account and it "just works" with your wifi.

      However, there's no in-between. I can't choose to backup certain things but exclude very sensitive things, like my wifi password and other credentials. Given what we know about government snooping and the constant notices of breached databases these days, I just don't want to use the backup feature at all, and anyone who does is taking a bit of a gamble IMO.

      Can't we have a sub-option to "also include credentials", at the very least?

      Well, they could offer the option of letting the user set a backup password that is known only to the user (warning the user that if they lose the password, they lose their backups).

      Most home users probably won't use it, but those that care about security (like every corporation that uses Android devices) probably will.

    4. Re:This is why I turned off backup by xeio87 · · Score: 1

      It would potentially be possible, but there would still likely be avenues to leak credentials outside of the most obvious OS ones. For example if you have a web browser (or any other app) that stores passwords and its data gets backed up into the cloud, is it an information leak if "also include credentials" is unchecked?

      Probably better to have no granularity than a false sense of granularity.

    5. Re:This is why I turned off backup by Anonymous Coward · · Score: 1

      A backup passphrase that only I know, and restricting processing to the client-side, would be sufficient to achieve this.

      Thing is, since the client-side is also provided by Google (ie, Android), how do you know it isn't including your backup passphrase as part of the metadata to your encrypted backups?

    6. Re:This is why I turned off backup by gstoddart · · Score: 1

      I am fine with trusting Microsoft and Google, and indeed anyone with a reliable infrastructure, to provide a backup hosting service that significantly improves the experience with my phone in the event of a disaster

      As random bits they can't decode, sure ... to access the entire contents of the backup and do with as they please because the ToS says so ... no freakin' way.

      --
      Lost at C:>. Found at C.
    7. Re:This is why I turned off backup by ethanms · · Score: 1

      The problem I have with Android is the multiple ways and places you might be backing up data...

      There's Google holding all my email, contacts, calendars...

      Dropbox gets all my photos...

      Those are the choices I made, but then I have a T-Mobile branded backup application, one from "Locate", and another from HTC... where does this data end up? I have no idea... it's not obvious so I don't want to use it.

    8. Re: This is why I turned off backup by EGSonikku · · Score: 1

      Indeed, this exact option is available to iOS users.

      --
      - "Scientia non habet inimicum nisp ignorantem"
    9. Re:This is why I turned off backup by dj245 · · Score: 3, Funny

      if we don't trust Microsoft and Google, who is left?

      Don't even think about trusting yourself. I made that mistake once, and I slipped myself some roofies and date-raped myself.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    10. Re:This is why I turned off backup by Zalbik · · Score: 2

      But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

      Why, Apple of course!

      /sarcasm off

    11. Re:This is why I turned off backup by Krojack · · Score: 1

      Titanium Backup > built-in Google Backup

      Once I started using Titanium Backup I turned off the Google Backup. At least I have an option to encrypt my Titanium Backups. It can backup/restore Wifi Passwords along with everything else.

    12. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      Thing is, since the client-side is also provided by Google (ie, Android), how do you know it isn't including your backup passphrase as part of the metadata to your encrypted backups?

      If you are this paranoid then you simply shouldn't own an Android device. You have to accept some compromise, but in terms of compromises the implementation offered by Google today certainly isn't reasonable in terms of balancing your privacy and security and the convenience factor they're aiming to provide.

    13. Re:This is why I turned off backup by AliasMarlowe · · Score: 2

      I turned off Backup on Android after discovering this.

      I turned it off before I ever knew this, because I'm increasingly finding that I don't trust Google -- either in intent or execution.

      Likewise. Nothing in particular against Google, but the number of entities in which trust is required should be minimized.

      I don't allow any passwords or other information to be "backed up" outside my own domain. All backups are local on our own servers and external disks. Remote administration is switched off for the router, and server administration is allowed only from specific LAN IP addresses (router not allowed). Passwords for external sites may be intercepted en route to their intended sites, but only if the route is compromised (MITM style) or if the destination is compromised (thank you, NSA).

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    14. Re:This is why I turned off backup by whoever57 · · Score: 1

      I turned off Backup on Android after discovering this

      Unfortunately, that is not sufficient. I recently got a new phone and, despite my setting my old phone to not backup the passwords (some time after I started using the old phone), they were downloaded to my new phone.

      As far as I can tell, turning off the backup merely prevents the phone from sending more data to Google. Once Google has it, Google keeps it.

      --
      The real "Libtards" are the Libertarians!
    15. Re: This is why I turned off backup by fastest+fascist · · Score: 1

      And you would trust the encryption implementation to protect your data?

    16. Re: This is why I turned off backup by hawguy · · Score: 2

      And you would trust the encryption implementation to protect your data?

      If I'm going to use the device at all, I have to have some level of trust that it's doing what they say it does. Whether they put in a checkbox that says "don't back up my credentials" or let me set a password so only I can decrypt the backups, if I don't trust the manufacturer that the software does what is says, I shouldn't be using the device at all if I'm worried about my privacy or security of my data.

      Even if I load my own cyanogenmod operating system that I have personally vetted, if I don't trust the manufacturer, then I don't know if the manufacturer stuck some hidden data stealing "feature" in the firmware that I don't have access to.

    17. Re:This is why I turned off backup by Grishnakh · · Score: 1

      And that stupid Google+ might be the last straw since everything is trying to foist it on me and I have no interest in it.

      Google+ is exactly like Microsoft's Metro UI in Windows 8: it's a move to co-opt some big competitor (or someone they see as a competitor), by forcing a big change on their existing userbase in order to get them "used to" using this new service.

      With Metro, MS saw that the mobile world was passing them by with iOS and Android (and that everyone hated their crappy WinCE offerings before these came around), so they decided they needed to force their way into the mobile device market. To do that, they decided that making a single, unified user interface was the way to do this, since 80+% of computer users use Windows; so, the bright idea was to make some "bold" (euphemism for "shitty") touch-oriented UI, different from everyone else's, and stick that on the desktop/laptop PCs so everyone would get used to it, and then want phones (and tablets) with that same UI, so they don't have to deal with radically-different devices in their lives. Problem is, not many people like Metro, especially on desktop/laptop PCs, since those devices don't lend themselves to a touch interface (google for "Gorilla arm").

      Same goes for Google+: Google decided they needed to get in on the whole "social networking" thing, so they made up Google+, moved many of their existing services over to it which didn't really need it, and have used various ways to try to force users to use it, probably in the hope that they'll get tired of Facebook and just want to do everything on Google.

    18. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      I turned off Backup on Android after discovering this

      This is precisely why I never turned it on. Rsync Backup is a great Android app that I use to sync my phone to my home desktop and it integrates with Tasker so you can kick it out automatically every night when you get home.

    19. Re:This is why I turned off backup by Grishnakh · · Score: 3, Insightful

      It seems to me this would be a good place for the alternative ROMs like CyanogenMod to offer non-Google versions of Android which they've certified (by making all the source code open and available, at least for the relevant parts) to work properly in this regard, allowing you to back up data on Google's hosts, but ensuring that it's all encrypted by a passphrase which Google has no access to.

    20. Re: This is why I turned off backup by F.Ultra · · Score: 1

      Depends, is this backup part of the open source Android or the closed one? The option seems to be available in modded roms so it might be open?

    21. Re:This is why I turned off backup by Grishnakh · · Score: 2

      It shouldn't be possible to intercept passwords by snooping on IP connections, as long as you're using encryption such as SSL, and not a shitty password-in-plaintext service like FTP.

      However, if the destination is compromised (NSA), there's nothing you can do about that.

    22. Re: This is why I turned off backup by fastest+fascist · · Score: 1

      I fully agree. However, there's a difference between saying your backups will be lost to you if you forget your password and saying the data will be properly encrypted with a key known to you alone...

    23. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      Uh, Google is more likely to data rape you.

    24. Re:This is why I turned off backup by gl4ss · · Score: 2

      well the obvious answer to this would of course be a backup application that would encrypt that stuff and then upload it to google drive or office365 or dropbox or whatever. at least that is still an option on android, on windows phone not so much because.. eh.. only ms has needed access to the phone to do the backups of settings, contacts etc..

      --
      world was created 5 seconds before this post as it is.
    25. Re:This is why I turned off backup by gstoddart · · Score: 1

      so they made up Google+, moved many of their existing services over to it which didn't really need it, and have used various ways to try to force users to use it, probably in the hope that they'll get tired of Facebook and just want to do everything on Google.

      I'm finding it is having the opposite effect ... I'm getting tired of Google.

      --
      Lost at C:>. Found at C.
    26. Re:This is why I turned off backup by vilanye · · Score: 1

      You know, you used to be on my list of trustables, and it was a very short list, I wasn't even on it

      Dale Gribble

    27. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      well the obvious answer to this would of course be a backup application that would encrypt that stuff and then upload it to google drive or office365 or dropbox or whatever. at least that is still an option on android, on windows phone not so much because.. eh.. only ms has needed access to the phone to do the backups of settings, contacts etc..

      Or maybe, and hold on to your chair because this is a fucking revolutionary idea, Android could have a backup service that stores the backup on YOUR OWN DAMN COMPUTER. Like iTunes offers for iPhones (and iTunes only includes passwords in a backup if you supply a backup-protection password to use when encrypting the backup).

    28. Re:This is why I turned off backup by Anonymous Coward · · Score: 2, Interesting

      very sensitive things

      okay...

      like my wifi password

      dafuq?

      Look, this is a password that is literally only useful within a few hundred feet of your house. Assuming that you're not re-using it for anything else, what exactly is your exploitation story, here? If I tell you that my wifi password is "frobulate" (it really is!), what are you proposing that you can do with that information, given that I'm some anonymous asshole on the internet?

    29. Re:This is why I turned off backup by Parker+Lewis · · Score: 1

      But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

      In the desktop? Any KDE distro.

    30. Re:This is why I turned off backup by Darinbob · · Score: 2

      You can still trust me. Send me your data and I'll make sure no one will be able to retrieve it.

    31. Re: This is why I turned off backup by Anonymous Coward · · Score: 1

      Err, not really.

      The offline backup can be done on both platforms, and you can specify a backup password. The online / "cloud" backup can be done on both platforms, both of which require you to log in to their respective accounts.

      Think about it though: How would you propose to store the passwords?

      If it's ANOTHER password, the user's going to forget it (or choose one that they're already using) and permanently lose the data because the payload (wifi password database) is encrypted.

      If it's encrypted via your main account password, the government/company can already access it (or at worst case, next time you log in).

      Either way, I'm not particularly worried. Google has a track record of informing users of government requests. If such a request got to me, I'd disable the backup and change my passwords. Presto, no access. Now, if we're talking about the platform you mention... All I have to say is, good luck being notified (before any lawsuits for piracy or nitpicky things land in your lap)

    32. Re: This is why I turned off backup by Anonymous Coward · · Score: 0

      The backup service is just an executable in the end. You supply it with a username/password/the account handle, and out pops the unencrypted data (regardless if the data itself was encrypted).

      Worst case, ROMs would just simply migrate the relevant files over and hook into it.

    33. Re:This is why I turned off backup by the_B0fh · · Score: 1

      That is why the KGB created their own fork. They saw this in the source code, and didn't like it.

    34. Re:This is why I turned off backup by the_B0fh · · Score: 1

      You say that sarcastically, but from what I've seen, Apple seems to put more effort into security than others.

    35. Re:This is why I turned off backup by Darinbob · · Score: 1

      I don't really see that. But I only use Google+, never Facebook, and no other Google apps whatsoever. So I see Google+ as a standalone application with no ties to anything else, with no viable alternatives that do the same thing that I will accept.

      The only problem with it is that it's trying to lure me into using other bogus Google apps like gmail. It's not that Google+ is luring you to use it because you use other Google apps, but that EVERY google app is luring use to use every other google app. I really don't see other companies doing things differently, just about every stupid app on the planet assumes you want to log in via Facebook or want to link your data with Twitter.

    36. Re:This is why I turned off backup by the_B0fh · · Score: 1

      I have seen no evidence that corporations that use Android care about security.

      Why do you think Samsung has to come up with the SAFE campaign, *AND* that says that all iOS devices are "SAFE" rated and *TWO* Samsung devices are "SAFE" and the rest of Android devices are *NOT SAFE*.

      http://appleinsider.com/articles/13/03/04/samsung-adds-security-layer-to-android-to-gain-enterprise-credibility

    37. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      Factory reset the device, and add in a few new access points that you don't care about.

      I had to get a water-damaged galaxy nexus device repaired and it came back with a new install.

      I didn't log into my Google account for a day or so, and it overwrote the old wifi file and would restore nothing. Luckily, I had an offline backup ready and waiting.

    38. Re:This is why I turned off backup by Grishnakh · · Score: 1

      Again, exactly like Microsoft and their Metro UI; it seems to be having the opposite effect as intended.

    39. Re:This is why I turned off backup by Nerdfest · · Score: 4, Informative

      The sad part is that Google is damn near at the top of the privacy trust-worthiness scale. Almost everybody else is worse. If you really care about your privacy you need to avoid all hosted services and do everything yourself.

    40. Re:This is why I turned off backup by Nerdfest · · Score: 2

      Think again. When it's privacy related they're pretty much at the bottom. They do put a lot of money into marketing though, and based on profit margins, I'd have to say it seems to be a smarter choice than security and privacy related spending.

    41. Re:This is why I turned off backup by Nerdfest · · Score: 1

      Luring is fine, but forcing sucks. I'm disappointed about the Latitude replacement.

    42. Re: This is why I turned off backup by Nerdfest · · Score: 1

      Most Android backup options are the same, including ones that back up to DropBox, Box, etc.

    43. Re:This is why I turned off backup by Anonymous Coward · · Score: 1

      You think of all the credentials you enter into your phone, it only backs up the wifi password? Seriously?

    44. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      You can with Titanium Backup, which existed long before Google offered backup for Android at all. It's also stored local, so you have control over it. Not quite as convenient, but you can't trust any "big data" company. Even if that company is trustworthy, their hand can be forced.

    45. Re:This is why I turned off backup by the_B0fh · · Score: 1

      You are aware of the irony of the many starred Google being the star of this issue whereas the one starred Apple not doing this?

      One thing about Apple's secrecy is that unfortunately they get ranked down on these things. Like how they were scored the lowest for their environmental scores despite being the best at it.

    46. Re:This is why I turned off backup by Nerdfest · · Score: 1

      There is a difference between storing something in the clear which only you and them (which is the real problem here), and handing over anything you have to someone who asks for it. One is good security policy and the other is good privacy. In this case, Google still has good privacy, but stupid security practices. If you protect your phone and they protect their servers you're still fine, but it's still stupid.

    47. Re:This is why I turned off backup by lumenistan · · Score: 1

      Check out SpiderOak. You set up your keys and you're the only one who has the keys. Even if the NSA came with a warrant, SpiderOak would only be able to hand over the ciphertext/garbled blob.

      (yes, this is a referral link). Take off the referrer code if you really want to screw me out of some free storage, but in either case, go at least look at SpiderOak.

    48. Re: This is why I turned off backup by Nerdfest · · Score: 1

      No problem with a referral link here, I'm a big fan of SpiderOak. As someone here pointed out, their Security relies heavily on the strength of your password.

    49. Re:This is why I turned off backup by lgw · · Score: 1

      If you're trusting Apple with your stored data you're trusting Microsoft too.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    50. Re:This is why I turned off backup by kllrnohj · · Score: 1

      Well, they could offer the option of letting the user set a backup password that is known only to the user (warning the user that if they lose the password, they lose their backups).

      Most home users probably won't use it, but those that care about security (like every corporation that uses Android devices) probably will.

      Yes, they could. This is what Chrome does for saved passwords, for example, so Google's servers only ever get an encrypted blob.

      However, the question is why on earth is your *WIFI* password that sensitive that it needs that level of user friction, hassle, and increased support costs? Corporations can easily use their own app or a 3rd party app that injects the wireless credentials through Android's public API for that - there's no reason for Google's backup to handle that. Those that care about security have probably already secured every device on their network instead of blindly trusting anything that can reach it. So what, exactly, is so damn sensitive about a wifi password that this needs to be an option that Google should support? Are you that worried that Google will leach off of your bandwidth or something?

      And if the NSA is already tapped into the fiber backbones as people suspect, what would they want with this info anyway? Why wardrive and catch snippets when you can just record literally everything?

    51. Re:This is why I turned off backup by the_B0fh · · Score: 1

      I remember reading that article when it came out, and it didn't make any sense then, and it still doesn't make sense now. How do you "stripe data" between two entirely different architectures? One's MS/SQL and the other's probably mysql or postgresql or some form of hadoop.

    52. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      Your own damn self, who else?

    53. Re:This is why I turned off backup by Anonymous Coward · · Score: 0

      Firefox OS?

    54. Re:This is why I turned off backup by skids · · Score: 1

      So what, exactly, is so damn sensitive about a wifi password that this needs to be an option that Google should support? Are you that worried that Google will leach off of your bandwidth or something?

      Single Sign On. It's what the PHBs and most of the users want, so it's what we give them. Your WiFi password is also your password for most other authenticated services.

    55. Re:This is why I turned off backup by Rockoon · · Score: 1

      Tell us where you live and what your wifi password is, and then you will have an analog to google. Keep in mind that its almost a certainty that some kiddie porn guy will be parking in front of your house if you do that.

      --
      "His name was James Damore."
    56. Re:This is why I turned off backup by AliasMarlowe · · Score: 1

      It shouldn't be possible to intercept passwords by snooping on IP connections, as long as you're using encryption such as SSL, and not a shitty password-in-plaintext service like FTP.

      Actually, all it requires is that the route be compromised such that MITM attacks are feasible. For example, if the route from $customer to $bank is compromised by $baddies, then SSL or any encryption involving a negotiated key gets you nowhere. The SSL request from $customer goes to $baddies who respond with a key that they know and understand, while they pass on another SSL request to $bank. Everything between $customer and $bank is available in cleartext to $baddies, who can either (i) snoop on all of $customer's transactions, or (ii) insert their own transactions under $customer's authority. This is MITM basics...

      It's also how many corporate firewalls work, and how they must work in any corporation doing business in the US (thank Congress and their weird laws). They have a built-in MITM going on all the time. It may not be wise to do your banking while at work if you don't trust your employer, or whoever they outsource network security to.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
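
The route compromise AliasMarlowe describes only yields cleartext if the client also accepts the certificate $baddies presents, which is exactly what the corporate-proxy case in the same post relies on: a proxy CA installed as a trusted root on the employee's machine. As an added example that is not code from the original thread, the Go program below runs the decision a TLS client makes about a presented server certificate, using constructed certificates (a "Bank Root CA", a "Baddies Root CA" and the hypothetical host name bank.example) so that it runs offline. It shows a forged certificate from an untrusted CA being rejected, the same certificate being accepted once the proxy CA is in the trust store, and public-key pinning rejecting it again.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const bankName = "bank.example" // hypothetical host name the client connects to

var serial int64 // certificate serial numbers, just kept unique

// newCert issues a P-256 certificate for cn: a self-signed CA when parent is
// nil, otherwise a server leaf for host name cn signed by parent/parentKey.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, IsCA: parent == nil,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent CA is given
	if parent != nil {
		tmpl.DNSNames, signer, signerKey = []string{cn}, parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Verify is the decision a TLS client makes about the certificate a server (or
// whoever sits on the route) presents: chain it to a trusted root, match the
// host name, and, if pin is set, require the leaf's SubjectPublicKeyInfo to
// hash to the pinned value. Only the last step survives a trusted proxy CA.
func Verify(leaf *x509.Certificate, trusted []*x509.Certificate, pin []byte) error {
	roots := x509.NewCertPool()
	for _, ca := range trusted {
		roots.AddCert(ca)
	}
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: bankName, Roots: roots}); err != nil {
		return err
	}
	if sum := sha256.Sum256(leaf.RawSubjectPublicKeyInfo); pin != nil && !bytes.Equal(sum[:], pin) {
		return errors.New("public key does not match the pinned key")
	}
	return nil
}

// World holds the bank's CA and genuine leaf, plus a second CA ($baddies, or a
// corporate TLS-intercepting proxy) that issued a forged leaf for the same name.
type World struct {
	BankCA, BaddiesCA, Bank, Forged *x509.Certificate
	BankPin                          []byte // SHA-256 of the genuine leaf's SPKI
}

func NewWorld() World {
	bankCA, bankCAKey := newCert("Bank Root CA", nil, nil)
	bank, _ := newCert(bankName, bankCA, bankCAKey)
	badCA, badCAKey := newCert("Baddies Root CA", nil, nil)
	forged, _ := newCert(bankName, badCA, badCAKey)
	pin := sha256.Sum256(bank.RawSubjectPublicKeyInfo)
	return World{bankCA, badCA, bank, forged, pin[:]}
}

// BankOnly is a normal client's trust store; WithProxy is one where the
// second CA has been installed as a trusted root, as corporate IT does.
func (w World) BankOnly() []*x509.Certificate  { return []*x509.Certificate{w.BankCA} }
func (w World) WithProxy() []*x509.Certificate { return []*x509.Certificate{w.BankCA, w.BaddiesCA} }

func main() {
	w := NewWorld()
	for _, c := range []struct {
		name string
		err  error
	}{
		{"genuine cert, only the bank CA trusted", Verify(w.Bank, w.BankOnly(), nil)},
		{"route hijacked, forged cert, CA not trusted", Verify(w.Forged, w.BankOnly(), nil)},
		{"forged cert, proxy CA installed as a root", Verify(w.Forged, w.WithProxy(), nil)},
		{"same, with the bank's public key pinned", Verify(w.Forged, w.WithProxy(), w.BankPin)},
	} {
		if c.err != nil {
			fmt.Printf("%-46s rejected: %v\n", c.name, c.err)
		} else {
			fmt.Printf("%-46s accepted\n", c.name)
		}
	}
}
```

The second case is the route hijack on its own: without a trusted issuer the client sees an unknown-authority error and the connection never carries a password. The third case is the corporate proxy, where the interception is invisible to chain validation; an application that cannot tolerate that has to pin the key (or the issuing CA) it expects, as the fourth case does.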
    57. Re:This is why I turned off backup by bingoUV · · Score: 1

      There are various ROMs available with all links to Google broken (contacts sync, gmail, market etc.). Google's applications can then be installed on a need basis.

      It won't really be fair to use Google's backup services without giving them access to data for data mining - that is Google's price for giving you services.

      The various open source "recovery" software for android devices (e.g. clockworkmod) do let you backup whole operating system data (that includes wifi passwords, application settings etc.) to SD card. This in turn can be encrypted and stored on various cloud services - including Google's. There, at least, Google's "price" is not access to your data for data mining.

      It takes some work, but not much for most users of recovery software. Also gives you "versioning", unlike Google Android default "only latest" policy.

      --
      Bingo Dictionary - Pragmatist, n. A myopic idealist.
    58. Re:This is why I turned off backup by minus9 · · Score: 1

      I'm sure your Wi-Fi is now completely safe from NSA snooping.

      "It's no good boss, it's got a password on it and Google don't know what it is."

      "We may as well go home then."

    59. Re:This is why I turned off backup by L4t3r4lu5 · · Score: 1

      Titanium Backup with Root access, zip, and put in SpiderOak storage. To recover, you install Titanium Backup and Spider Oak client on your new device / download backup to your PC and decrypt / unzip and transfer to device, and recover.

      A little cumbersome, but secure. The encryption key never leaves my device (encryption occurs before data transfer to online storage).

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  3. Have an untrusted network by PvtVoid · · Score: 4, Insightful

    This kind of shit is exactly why, as soon as I got an Android smartphone, I also installed a second wireless router, with its own encryption password, outside my firewall. Anybody who wasn't already assuming that smartphones and tablets are anything other than hostile network actors is an idiot.

    1. Re:Have an untrusted network by Russ1642 · · Score: 4, Funny

      I only do my top secret browsing through two separate secure proxy services. NSA will never know that I watch My Little Pony.

    2. Re:Have an untrusted network by kc9jud · · Score: 1, Insightful

      Anybody who wasn't already assuming that all networked devices for which you haven't personally reviewed all the source code are anything other than hostile network actors is an idiot.

      FTFY.

    3. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      I assume you also built that router? And all the components?
      There could be 50 backdoors in everything else you use for all you know.
      And the OSes alone, probably 100 more.

      Your overly paranoid reaction is unfounded and just as pointless.

      Wireless itself is a hostile network actor, having one is bad enough, even with encryption.
      Replace wireless with infra-red repeaters or get wireless-blocking paint and then you will maybe be protected with wireless computing.
      Or develop some pseudo-security layer on top that requires a timed-verification on both systems or no network access at all until you do so. (similar to some port-knocking mechanism if you will)

    4. Re:Have an untrusted network by alen · · Score: 1

      +1

    5. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      Ooooooor you could just turn off the online backup function...

    6. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      I only do my top secret browsing through two separate secure proxy services. NSA will never know that I watch My Little Pony.

      Oh like this NSFW?: http://www.pornhub.com/view_video.php?viewkey=483669899

    7. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      ... "watch" ...

      Yeah. Especially with the "third eye". ;)

    8. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      For those who think he's wearing a tin foil hat, this is actually smart and legit security.

    9. Re:Have an untrusted network by lactose99 · · Score: 1

      Anybody who wasn't already assuming that all networked devices for which you haven't personally reviewed all the source code are anything other than hostile network actors has way too much time on their hands.

      FTFY^2

      --
      Fully licensed blockchain psychiatrist
    10. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      I only do my top secret browsing through two separate secure proxy services. NSA will never know that I watch My Little Pony.

      We know.

      Love,
      Chrysalis@NSA

    11. Re:Have an untrusted network by Anonymous Coward · · Score: 0

      You're lying, because you're using 5 (five) proxies.

      NSA will never know that I watch My Little Pony.

      Hey, we love ponies too.

      NSA agent #1778549.

  4. more info by slashmydots · · Score: 3, Informative

    Strangely missing from the summary is the fact that this only affects Android devices, as far as I read in the article. While most phones allow you to easily "show" aka decrypt and view your wifi password for a network you hopped in ages ago, I happen to know that all desktops and laptops with Windows XP-7 do the same. They're also easily recoverable by third party instant decrypts too. So if you think plaintext or reversible encryption storage of passwords is the problem, that's all devices everywhere, with or without Google. The problem is Google actually having your password.

    1. Re:more info by dyingtolive · · Score: 1

      Google storing all your WLAN passwords on their application settings backup service without allowing you to encrypt them.

      ...based upon the above, on what other platforms would you assume that Google has any sort of interaction with your WLAN passwords? I'm really curious.

      I mean, they're clearly stealing them by using their vans to read my dog's brain, but that's what the tinfoil hat is for. Not everyone has pets however.

      --
      Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    2. Re:more info by gstoddart · · Score: 1

      Strangely missing from the summary is the fact that this only affects Android devices

      Do Google provide a backup service for anything else?

      I happen to know that all desktops and laptops with Windows XP-7 do the same

      Upload it to the cloud unencrypted? I don't think so.

      So if you think plaintext or reversible encryption storage of passwords is the problem, that's all devices everywhere, with or without Google.

      But made worse by the fact that on newer Android devices this is enabled by default, and uploads all of your data to the cloud and apparently stores stuff completely unencrypted -- this is not the same thing at all.

      The problem is Google actually having your password.

      No, the problem is that Google is interested in harvesting all of your data and don't give a damn about your security or your privacy, and they will provide this information to government agencies upon request.

      It's time to start assuming that you can't trust Google with your data.

      --
      Lost at C:>. Found at C.
    3. Re:more info by Anonymous Coward · · Score: 0

      Not valid.

      And I quote from the issue tracker

      "It's not necessarily in plain text. They could use your account details to encrypt the data, and retrieve it based on your authentication credentials. In this sense logging into your account is the equivalent of decrypting your online password storage."

      So what's the hoopla about again?

    4. Re:more info by husemann · · Score: 1

      yep, should have explicitly mentioned this affects android devices, i wrongly assumed that that would be obvious from the context. apologies.

    5. Re:more info by husemann · · Score: 2

      I think the hoopla is about two things:

      - google is not disclosing how they protect our data
      - google has full access to data that at least I consider is none of their business, so I'd like to be able to supply my own encryption key.

    6. Re:more info by gstoddart · · Score: 1

      google is not disclosing how they protect our data

      That's because they're not.

      --
      Lost at C:>. Found at C.
    7. Re:more info by CanHasDIY · · Score: 1

      It's time to start assuming that you can't trust anyone with your data.

      FTFY.

      Welcome to the world of Johnny Mnemonic, minus the cerebral implants and Henry Rollins' terrible acting.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    8. Re:more info by aaaaaaargh! · · Score: 2

      Well, they have been caught sniffing out WLAN metadata with their street view camera cars in the past, breaking numerous laws in various countries in the process, so the idea that they could attempt to "accidentally store" plaintext WLAN passwords is not that far-fetched.

      No need for a tin-foil hat, though, when you can explain the behavior to a simple and straightforward "we don't give a fuck about the security of your data" attitude.

    9. Re:more info by gstoddart · · Score: 1

      Welcome to the world of Johnny Mnemonic, minus the cerebral implants and Henry Rollins' terrible acting.

      *sigh* So, all of the dystopian future without any of the fun technology?

      --
      Lost at C:>. Found at C.
    10. Re:more info by idontgno · · Score: 1

      Well, in all fairness, knowing now how the NSA works, you'd have to rewrite parts of "Johnny Mnemonic", because Jones the Dolphin would be an active NSA operative behind barbed wire and armed guards instead of a fun fair freakshow.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    11. Re:more info by CanHasDIY · · Score: 1

      That seems to be the direction we're heading in.

      I guess if you want to be an optimist, you can take comfort in the fact they aren't using poor people as food... yet, anyway.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    12. Re:more info by TheCarp · · Score: 1

      > No need for a tin-foil hat, though, when you can explain the behavior to a simple and straightforward
      > "we don't give a fuck about the security of your data" attitude.

      You are not wrong, but you are missing the point of the previous comment. The point was that unencrypted wifi passwords on PCs is not the same issue - because google doesn't generally have access to the unencrypted password on your PC. In fact it's pretty unavoidable without going to smart cards.

      The android phone, on the other hand, is actually sending it to them in plaintext, which means they do, in fact, have it. The problem isn't the local device storage, it's the remote storage.

      --
      "I opened my eyes, and everything went dark again"
    13. Re:more info by slashmydots · · Score: 1

      It could go Ghost in the Shell: Standalone Complex though.

    14. Re:more info by kllrnohj · · Score: 1

      - google is not disclosing how they protect our data

      Yes, they do. That's the privacy policy that nobody reads. If you want security design documents, good luck with that, you'll never see them from anyone.

      - google has full access to data that at least I consider is none of their business, so I'd like to be able to supply my own encryption key.

      Then don't check the fucking box that says "Backup my stuff to Google" ?

    15. Re:more info by handleym99 · · Score: 1

      I have no idea what you mean by "So if you think plaintext or reversible encryption storage of passwords is the problem, that's all devices everywhere, with or without Google". This is absolutely not the case with iPhone. Apple is, in fact, so paranoid about this that for years one of the UI complaints about iOS was when you recover from a backup to a new phone, you have to re-enter all your passwords. Why? Because passwords were not stored in the backup. They are stored in the backup now --- but ONLY if you choose an encrypted backup, not for a cleartext backup.

  5. Is it really plaintext? by Anonymous Coward · · Score: 1

    from the discussion on that bug report, I have seen no proof that the password is stored in plaintext on Google's servers. On chrome by default all your synced data is encrypted with your Google password. I would be surprised if they didn't do the same on android.

    1. Re:Is it really plaintext? by Anonymous Coward · · Score: 0

      from the discussion on that bug report, I have seen no proof that the password is stored in plaintext on Google's servers. On chrome by default all your synced data is encrypted with your Google password. I would be surprised if they didn't do the same on android.

      You don't lose the data if you reset the password. That should tell you something about how it works.

    2. Re:Is it really plaintext? by GuB-42 · · Score: 1

      It may be encrypted to prevent someone entering the datacenter from stealing data directly from the hard disk.
      But if your data can be recovered in any way without the original password, then Google can access it as well as if it was plaintext.

  6. Surprising? by iYk6 · · Score: 2

    the fact that Google can read them (and disclose them if forced by 'law') is a bit surprising, too put it nicely.

    That's not just nice, that's outright flattery. Seriously, who is surprised by this? Lots of cloud backup storage services don't let you encrypt data (or make it hard to do so), so why would it be surprising that Google, the mother of all data hoarders, would want to store and read this stuff?

  7. Medical records by Anonymous Coward · · Score: 0

    I will paraphrase the words of Sergey Brin, that we should all share our medical records with one another... or at least with Google.

  8. Bug? by ThatsNotPudding · · Score: 1

    What we know now about Si Valley's (sometimes lucrative) strange bedfellows, they need to prove it wasn't a 'feature' for their buddies.

  9. Thanks a pantload, Chet. by Jawnn · · Score: 1

    I mean, WTF, Google? How did anyone who had any sort of clue at all think that it was acceptable to store data that is critical to my networks' (yes, several) in the clear when you copied it from their Android devices. Again, what the fuck?

  10. Other people leak your guest wifi password by DigitAl56K · · Score: 2, Interesting

    I think it's worth mentioning one other side-effect of this "send everything" backup policy: I basically cannot safely guest any visitor who has an Android phone onto my secured WiFi network without their phone sending my WiFi password straight to Google.

    This puts me in the awkward predicament of denying visitors WiFi access, or constantly changing the guest password on every device I have that uses it.

    If you're reading, Google folks, this is fricking annoying.

    1. Re:Other people leak your guest wifi password by Anonymous Coward · · Score: 0

      Use MAC filtering. Sure, it's a pain in the ass and it can (with some effort and wifi snooping) be hacked, but it helps.

    2. Re:Other people leak your guest wifi password by CanHasDIY · · Score: 2

      Ever consider a dual radio set up? That way, you can have your secure network, and an open net for guests.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Other people leak your guest wifi password by the_B0fh · · Score: 1

      You might want to give that a little more thought.

      If Google has your wifi username and password, where did it come from? Your Android device. Which you registered. Which means Google knows its IMEI and serial *AND* MAC addresses.

      Try again?

    4. Re:Other people leak your guest wifi password by the_B0fh · · Score: 1

      so everyone should have an open guest network open to the world (or NSA at least)?

      Why, that's a swell idea...

    5. Re:Other people leak your guest wifi password by blueg3 · · Score: 1

      You cannot give your guests your WiFi password (or access to a password-secured WiFi network) without giving them the ability to leak it to anyone and everyone. That's the nature of a shared-secret system: everyone you've shared the secret with can share it freely with anyone else.

      Set up separate SSIDs for internal and guest and periodically change the guest password. Separate networks is better anyway.
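
One way to set up the separate internal and guest SSIDs blueg3 recommends, given here as an added hostapd.conf example rather than anything posted in the thread; the interface, bridge, channel and passphrase values are placeholders, and the radio and driver must support more than one BSS:

```conf
# Two BSSes on one radio: the private network and an isolated guest network.
interface=wlan0
driver=nl80211
hw_mode=g
channel=6

# Private BSS: only devices you manage. This passphrase is never given to a guest.
ssid=home
bridge=br-lan
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=long-private-passphrase-change-me

# Guest BSS: a second SSID with its own passphrase, on a separate bridge that the
# firewall only forwards to the Internet. Rotating this passphrase touches none of
# your own devices, and ap_isolate stops guests from talking to each other.
bss=wlan0-guest
ssid=home-guest
bridge=br-guest
ap_isolate=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=guest-passphrase-rotate-often
```

The isolation comes from the bridges and the firewall rules between them, not from the second SSID by itself: if br-guest can route to br-lan, a leaked guest passphrase still reaches the internal network.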

    6. Re:Other people leak your guest wifi password by CanHasDIY · · Score: 1

      so everyone should have an open guest network open to the world (or NSA at least)?

      Why, that's a swell idea...

      Why not?

      BTW, in case you haven't been paying attention, the NSA is intercepting communications at the ISP level, so whether or not you're using secure wifi doesn't really matter to them.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    7. Re:Other people leak your guest wifi password by kqs · · Score: 1

      Wow, good point. If it weren't for this bug, your wifi would have been secure against the NSA!

      Look, if you think your wifi is secure against *any* well-funded group, then you're rather confused about security. If you use a shared wifi password rather than certificates, then you have already decided that convenience is more important than security. I make the same trade-off myself; I just don't publicly complain that somehow this could be secure against anyone with the power to hack or subpoena Google. Cause that would be crazy.

    8. Re:Other people leak your guest wifi password by the_B0fh · · Score: 1

      Intercepting traffic (ie, read) at the ISP has a different risk profile from injecting traffic (ie, making active requests) onto your access point.

      Think child porn. If a rogue NSA employee wants to use your access point for some child porn, *YOU* go to jail. Whereas he can't do it if all he has is read-only data from AT&T. Or at least a hell of a lot more manipulation has to be done.

    9. Re:Other people leak your guest wifi password by CanHasDIY · · Score: 1

      OK, so set up the open side with a captive portal that requires agreement to a terms of service that declares the operator of the network free from responsibility for what users of the network do.

      Like every other person/company that offers free wifi. At least, the ones smart enough to cover their own asses.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  11. Apple iOS by EkriirkE · · Score: 5, Interesting

    While not storing cleartext, they do store your WiFi passwords in a reversible encryption. If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase. WEP can't be helped... Anyhow, Apple stores all passwords in their keychain and this is easily snooped. Jailbroken iOS devices can get "WiFiPass" to reveal all the AP & passwords it's ever connected to. It's handy when I pass my device to an AP owner to "privately" enter their password but I want to associate more devices, I just load that program and see what it was and do it myself.

    --
    from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
    1. Re:Apple iOS by Andreas+Mayer · · Score: 1

      Anyhow, Apple stores all passwords in their keychain and this is easily snooped.

      It's not *their* keychain. It's *your* keychain. It's local on your device. Of course it will end up in the backup. But the whole point of the keychain is that it's encrypted, so that shouldn't be a problem, even if you choose not to encrypt your backups.

      And how is the keychain "easily snooped"? That's news to me. Please elaborate.

      Well, yes. If you *allow* access to the keychain - it can be read. Would be pretty useless otherwise.

    2. Re:Apple iOS by Anonymous Coward · · Score: 0

      If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase.

      I believe this is actually what they do. But that's a distinction without a difference: it's enough information to allow you to connect to the network, so it doesn't really matter that it isn't your actual passphrase...

    3. Re:Apple iOS by EkriirkE · · Score: 1

      ...And how is the keychain "easily snooped"? That's news to me. Please elaborate....

      https://github.com/ptoomey3/Keychain-Dumper

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
    4. Re:Apple iOS by EkriirkE · · Score: 1

      Maybe they do save the hash instead of recalculating it on the fly, but they do also store the original passphrase. Otherwise tools like WiFiPasswords wouldn't work. Still handy if the person changed their AP name but keeps the old password.

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
    5. Re:Apple iOS by blueg3 · · Score: 2

      While not storing cleartext, they do store your WiFi passwords in a reversible encryption.

      Okay, let's get a few things straight here.

      First, "reversible encryption" is a stupid phrase. There are basically two kinds of encryption: symmetric encryption and asymmetric encryption. Symmetric encryption uses a single secret key to both encrypt and decrypt data. It's reversible (using the one key). Asymmetric encryption uses two keys: one key to encrypt and a different key to decrypt. It's also reversible, but the encrypt and decrypt operations can only be performed with the corresponding key. They're both reversible. In fact, the point of encryption is that it's reversible.

      Hashes are cryptographic operations that are one-way. That is, not reversible. Hashing is not encryption.

      Second, WPA, WEP, and all sorts of other security protocols are relatively simple (read: usable) in that the security is provided by a shared secret. That is, the two parties (ie., your phone and your wireless router) both have a copy of a secret piece of information. That piece of information might be a password, a key, a key derived from a password, a hash of something or another. It doesn't really matter. The point is that a key aspect of the protocol is that both sides must have the secret.

      For these systems, both sides fundamentally have to store the secret in an accessible form. That is, they "have to store your password in plaintext". Or they have to ask you to input it again every time it needs to be used (ie., you connect to the wireless network). Because both sides need to have the shared secret in its original form in order to perform their protocol. That's how the protocols work. So you can't really store those passwords in an irretrievable fashion. Sure, you can store that data in some kind of encrypted database, but the system needs to be able to decrypt that database whenever it needs to access the secrets. This means it needs to either store the encryption key to that database somewhere (in which case the database can hardly be considered "secure") or it needs to ask you for the encryption key (ie., a password) every time it needs to access the database -- meaning that what you can do is replace one secret (the stored data) with another one (the database password).

      So don't complain too hard when you find out that you can retrieve your saved Web passwords in Chrome (or Firefox) or that you can retrieve WPA passwords from... well, everything. There is, fundamentally, no alternative. (Storage "in the cloud" is another matter.)

      Probably the most effective system that provides some real benefits is using system-level support for encrypted databases that is tied to your login credentials. Even better if this is full-disk encryption below the logical OS level.

    6. Re:Apple iOS by EkriirkE · · Score: 1

      WPA handshake/crypto is done by hash of SSID+phrase, there is no need to store the original phrase but it is, as far as I can tell, for end-user convenience when changing your AP's SSID and not having to rekey the passphrase. Though on the client side I can't think of a reason for it... In the end, though, the hash can be considered the new passphrase but not exactly human-readable.
      Granted "reversible" is redundant when talking about encryption, I never implied a hash was reversible.

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
    7. Re:Apple iOS by blueg3 · · Score: 1

      You only mentioned "reversible encryption", which is redundant. I added the bit about hashes because people are constantly confusing hashes with encryption.

      I specifically used the term "secret" because your password isn't necessarily your secret. In the case of WPA, for example, it's that generated hash that is the real secret. You could store that instead of the original password and it would be just fine. However, the secret is the piece of information that's used to access the network anyway. The fact that user interface components ask for your password is no barrier -- if the system stored the ssid+password hash, an attacker could recover that and join the network just as easily. In this sense, that hash is your "real" password. The only benefit of not storing that password is that an attacker couldn't benefit if you happen to use the same password in many places. (But then, if you use your wireless password for any other purpose, you've got bigger problems.)
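
An added example, not code from this thread or from any vendor, of the derivation blueg3 describes above: the WPA/WPA2 PSK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), and the pairwise transient key for the 4-way handshake is computed from that PSK (the PMK) alone, so a device that keeps only the 32-byte PSK can join the network exactly as well as one that keeps the passphrase. PBKDF2 is written out by hand and cross-checked against hashlib; the SSID, passphrase, MAC addresses and nonces are constructed values, not taken from any real network.

```python
import hashlib
import hmac

WPA_ITERATIONS = 4096  # fixed by IEEE 802.11i; not tunable per network
WPA_PSK_LEN = 32       # the PSK doubles as the 256-bit Pairwise Master Key (PMK)


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) with HMAC-SHA1, spelled out so each step is visible."""
    out = b""
    block = 1
    while len(out) < dklen:
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            for i, byte in enumerate(u):
                t[i] ^= byte
        out += bytes(t)
        block += 1
    return out[:dklen]


def wpa_psk(ssid: str, passphrase: str) -> bytes:
    """Passphrase -> PSK, as every station and AP computes it: PSK = PBKDF2(passphrase, SSID)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 printable ASCII characters")
    ssid_bytes = ssid.encode()
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return pbkdf2_hmac_sha1(passphrase.encode("ascii"), ssid_bytes, WPA_ITERATIONS, WPA_PSK_LEN)


def reference_psk(ssid: str, passphrase: str) -> bytes:
    """Same derivation via the standard library, used to cross-check the hand-written PBKDF2."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(),
                               WPA_ITERATIONS, WPA_PSK_LEN)


def ieee_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """The 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key for WPA2-CCMP: KCK || KEK || TK, 48 bytes.

    Only the PMK enters here. Whether a device stored the passphrase or just the
    32-byte PSK makes no difference to its ability to complete the 4-way handshake.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return ieee_prf(pmk, b"Pairwise key expansion", data, 48)


if __name__ == "__main__":
    # Constructed values; nothing here comes from a real network.
    psk = wpa_psk("IEEE", "password")
    print("PSK:", psk.hex())
    ptk = derive_ptk(psk, bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                     bytes(32), bytes(range(32)))
    print("KCK:", ptk[:16].hex(), "KEK:", ptk[16:32].hex(), "TK:", ptk[32:].hex())
```

The practical consequence is the one blueg3 draws: storing the hex PSK instead of the passphrase stops the human-chosen string from leaking to whoever reads the backup, which matters if it is reused elsewhere, but it does nothing to keep that reader off the network.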

    8. Re:Apple iOS by Darinbob · · Score: 1

      I tell my Mac not to use the keychain stuff. In return it seems to think I'm some sort of Luddite and constantly prompts me to store my passwords.

    9. Re:Apple iOS by Anonymous Coward · · Score: 0

      If it's your keychain, then say goodbye to your data if you ever forget your password (or you can sit there and try to brute force it).

      So how's that forget-my-password link next to the cloud backup login work?

      I don't think you have the complete picture.

    10. Re:Apple iOS by maccodemonkey · · Score: 1

      While not storing cleartext, they do store your WiFi passwords in a reversible encryption. If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase. WEP can't be helped...
      Anyhow, Apple stores all passwords in their keychain and this is easily snooped. Jailbroken iOS devices can get "WiFiPass" to reveal all the AP & passwords its ever connected to. It's handy when I pass my device to an AP owner to "privately" enter their password but I want to associate more devices, I just load that program and see what it was and do it myself.

      The keychain file on iOS is usually encrypted based on the device's hardware encryption. So in this example, yes, if you have a physical device, and you've jailbroken thus disabling the permissions for keychains (normally keychains can only be accessed by the app that created them), you've got an issue.

      But for the original example of backups... The keychain file is backed up on the server, but the server can't decrypt because the key is stored in the actual chipset of your device. This is why if you restore a backup onto a different device all your passwords are gone.

    11. Re:Apple iOS by EkriirkE · · Score: 1

      I have successfully restored between devices from a single backup and retained all my WiFi connections. (iPod > iPhone)

      --
      from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
    12. Re:Apple iOS by rsborg · · Score: 2

      ...And how is the keychain "easily snooped"? That's news to me. Please elaborate....

      https://github.com/ptoomey3/Keychain-Dumper

      This only works for Jailbroken devices. AFAIK, iOS6.1.3+ is not capable of jailbreak. How are you going to get the keys from my iOS devices running iOS6.1.3?

      --
      Make sure everyone's vote counts: Verified Voting
    13. Re:Apple iOS by ancientt · · Score: 1

      Lastpass.

      My passwords are often stored in Lastpass which stores them in a way that they cannot decrypt and only I can. They could change the way it works and I might never know, but I trust them based on how they've handled security issues in the past.

      I can retrieve my passwords, but the company providing the service can't and I like it that way. I always turn off the "remember passwords" options in browsers because I don't trust that it couldn't be reversed by someone who gains physical access to my machine.

      Now if you get physical access to my machine, you will have to boot off of your own media and that means that you'll need to pull the hard drive out or wipe my bios in order to install a keylogger so that you can catch my password as I put it into lastpass. That's a fairly high barrier, but it is a little better than most other methods. You'll also need to know what to target and you can target my KeePass database the same way, but with those specifics, you'll need to be somebody who has really done their homework to get to my passwords.

      If you're after me and you are the NSA, then you can send in a coder and some documents and reprogram the way LastPass works and not tell me. I accept that risk because if you're the NSA, you can also watch my monitor from across the street even after I close my blinds and likely break into about any system I might have so I have little choice but to accept that if they really want to see what I'm doing, they absolutely can. For the script-kiddies though, it is a hard hack. I seriously doubt even the NSA has a chance of getting into my LastPass database so I store it in a cloud service and they're welcome to poke at it as an exercise in futility... if they want me they will have to break into *my* system, not the cloud, not Google and not anybody else. But they're the NSA, if they *want* you, they will get everything they want because what they have the ability to do is awe inspiring. (You hear that guys? I'm not afraid of you, but I am freakin respectful so let's leave my browser history out of it okay? Please?)

      So full circle, Google could say "Pick any of the following systems for backup retrieval: LastPass, KeePass URL, iTunes, Amazon, My Little Backup Pony or None" and optionally encrypt the backups but they probably figured (rightly) that 99.99% of their users wouldn't ever know or care that they were backing up their phones in a way that Google can access all the info on it.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
  12. wifi route with guest account support by husemann · · Score: 1

    A WIFI route with guest account support is rather useful for that: set up a guest account for 2 hours, use a throw-away password and off you go (and keep the guest account from accessing your home network)

    1. Re:wifi route with guest account support by husemann · · Score: 1

      router even. sigh.

    2. Re:wifi route with guest account support by DigitAl56K · · Score: 1

      That's true, but what if your visitors return frequently (family), or you have some of your own devices on the guest account so that e.g. you can use your router's wireless isolation feature for those devices, etc.?

      Take the case of family:
      * You can put them on the guest network, but every time they come to visit you have to re-issue a password to all of them and reset it when they leave, or else Google has the credentials.
      * You can put them on the main network because you trust them with the password. However now Google has the credentials for your main network.

    3. Re:wifi route with guest account support by oPless · · Score: 2

      Sounds like what you need is WPA Enterprise :P

    4. Re:wifi route with guest account support by the_B0fh · · Score: 1

      Trying to argue common sense with slashdot?

      Gotta love people who advocate throw away passwords for wifi.

  13. Google Apps states it is encrypted by Anonymous Coward · · Score: 0

    When I access my Google Apps account it states that all of my mobile devices backup data is encrypted on their servers. I'm guessing the bug request is to allow the user to perform their own encryption with a password different from their Google Account?

    1. Re:Google Apps states it is encrypted by robmv · · Score: 1

      Encrypted on their servers means they can decrypt on their servers. It should be encrypted on the client

  14. Which is it, Google? by thetoadwarrior · · Score: 1

    Google supposedly hires the best of the best but they seem to make more than a couple schoolboy errors. So do they hire incompetent people or are they doing this for the NSA? I think I know what I'd pick.

    1. Re:Which is it, Google? by Anonymous Coward · · Score: 1

      Normally I'm happy to talk about my experience with Google but given what I'm about to say I'd rather post as AC than have angry friends.

      When you graduate from an Ivy League college you have the option of going to work for Goldman Sachs, etc. They recruit like crazy and have very low standards relative to the pool of your classmates. In fact, there's a strong correlation between being a relatively poor student at a place like Harvard and being in the subset of Harvard students who takes a job in investment banking. The investment banks very clearly scrape the bottom of the Ivy League barrel.

      When you graduate from a top 5 research institution with a technical (or probably non-technical) PhD, you have the option of going to work for Google. They have very low standards relative to the pool of your classmates. There's a ridiculously strong correlation between being the very worst researcher who needs help writing even basic code or understanding basic concepts in the physical sciences and being in the subset of top school PhD graduates who takes a job at Google. Google very clearly scrapes the bottom of the graduate school barrel, and I'd argue that the intelligence of the PhDs coming from a top 5 grad schools is actually much lower than that of the graduates of a (good) Ivy League school. If you can't cut it in your field because of a low intelligence or lack of maturity, Google is a very real alternative with much lower standards.

    2. Re:Which is it, Google? by Anonymous Coward · · Score: 0

      Why assume the worst (that Google works for the NSA)? Google makes these “mistakes” in order to help themselves.

  15. Do no evil by sproketboy · · Score: 4, Funny

    But I guess they do a lot of stupid.

    1. Re:Do no evil by phantomfive · · Score: 1

      Yeah. I'm guessing this one is not malicious. Android has a lot of bugs, and when your system has a lot of bugs, it's going to have security problems (see also, Adobe, Java Applets, Microsoft, etc).

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Do no evil by Anonymous Coward · · Score: 0

      This isn't a bug - this is for user convenience. (Judging from your exclusion of certain companies, fanboy will be fanboy)

      If Google left an encryption password to the user, there would be no way of restoring the data should they forget the password. And boy, do users love to forget passwords.

      If any company can reset your password without deleting all your old data, it means that that old data was never encrypted to begin with (or they store the password along with the payload, which would negate the purpose of securing it). Try it with your cloud service, whichever platform you decide to use.

  16. So what? by __aawavt7683 · · Score: 4, Informative

    So what? Concern where concern is due. Do you really think that Google is going to be fetching your phone backups, hoping for a wireless password, then driving to your house and connecting to your wifi so that they can... sniff your traffic? Impersonate you on the internet?

    How does this in any way matter? even if the password _were_ encrypted, it's reversible encryption -- it _has_ to be. So they could just decrypt it, anyway. This is the same as on Windows: you can get a wireless key viewer that gives you the password of every network that Windows has memorized. Further, your computer is probably a great deal more accessible to anyone, especially those who are interested in your wireless network, than Google's phone backups.

    As for those who are going to say, "Let the user encrypt it with a password!" ... most don't do that. Most people won't put one in, many will forget it if they do, you can't link it to a phone identifier because part of the purpose is in case the phone is lost, and part of the functionality is syncing to Google services -- so it has to be decrypted anyway. Wake me up again when Google syncs all the pictures you've taken with your camera to Picasa and posts them on your auto-created Google+. That'll be a fun day.

    1. Re:So what? by Anonymous Coward · · Score: 0

      They're not going to drive by your house, but the NSA might like to download that collection of passwords to use whenever they're out and about. Who wouldn't want a massive table of SSIDs and associated passwords? The worst part of this is that I might give my friend the password for my WiFi and he's unwittingly turning it over to Google and potentially the NSA without my permission.

    2. Re:So what? by Anonymous Coward · · Score: 0

      If you have google+ app installed they do.

      Fortunately they upload them to NSA facilities so your taxes pay for their storage if your videos are less than 15 minutes: http://socialtimes.com/picasa-considers-google-users-special-instant-upload-photos-videos-do-not-count-against-1gb-free-storage-limit_b69159

    3. Re:So what? by Anonymous Coward · · Score: 0

      Really? I keep hearing good things about Windows. I hate it when on my Mac I forget the password to a network I have saved, and sometimes there's no one around that knows it, and daisy-chaining all of my devices doesn't always seem like a good idea.

    4. Re:So what? by Zalbik · · Score: 4, Interesting

      How does this in any way matter? even if the password _were_ encrypted, it's reverseable encryption -- it _has_ to be. So they could just decrypt it, anyway.

      Wrong. It could be encrypted with a key that only the user knew. With proper key choices Google would have no way of decrypting.

      I know some people like to believe that if Google, the NSA, the Chinese or some other group really really wanted to, they could decrypt any encrypted information, even without the password.

      This is false. It is still infeasible for anyone to crack Triple DES info encrypted with a reasonable choice of keys.
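
An added example, not Google's code and not a description of what Android actually does, of the alternative robmv and Zalbik describe: encrypt the settings on the client under a key derived from a password only the user knows, so the backup service stores ciphertext it cannot open. To stay standard-library only it uses HMAC-SHA256 in counter mode as the cipher and an HMAC tag over salt, nonce and ciphertext (encrypt-then-MAC); a production implementation would use AES-GCM or ChaCha20-Poly1305 under the same PBKDF2-derived key. The sample settings string is constructed.

```python
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows


def derive_keys(password: str, salt: bytes):
    """Stretch the user's password into an encryption key and a MAC key. The service never sees either."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, 64)
    return material[:32], material[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for AES-CTR so the example needs only the stdlib."""
    blocks = []
    counter = 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_backup(password: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under password-derived keys; the returned dict is all the server should store."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"v": 1, "salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def decrypt_backup(password: str, blob: dict) -> bytes:
    """Verify the tag first (constant-time compare), then decrypt. A wrong password fails loudly here."""
    salt, nonce, ciphertext, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or backup modified")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


def try_restore(password: str, blob: dict):
    """What a restore flow sees: the data, or None. There is no server-side 'forgot password' path."""
    try:
        return decrypt_backup(password, blob)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample settings; not a real network.
    settings = b'network={ ssid="HomeNet" psk="correct horse battery staple" }'
    blob = encrypt_backup("only-the-user-knows-this", settings)
    print(json.dumps(blob, indent=1))            # what the service stores: no SSID, no passphrase
    print(try_restore("only-the-user-knows-this", blob))
    print(try_restore("guess", blob))            # None: nothing on the server can reset this
```

The cost is the one the thread keeps circling: with this design there is no password reset. A wrong password gets None, a modified blob gets None, and the only "reset" the service can offer is a fresh salt and an empty backup.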

    5. Re:So what? by whois · · Score: 3, Insightful

      If you're a company and anyone associates to your corporate network using an Android phone, you've now got a problem.

      And how are you supposed to stop this with policy other than blanket banning android phones? Ignore the fact that google is "good guy google" and think about what happens if the database is somehow exposed to hackers, or if there is a malicious google employee who decides to sell 1.4 million wifi passwords?

    6. Re:So what? by Anonymous Coward · · Score: 0

      So what? Concern where concern is due. Do you really think that Google is going to be fetching your phone backups, hoping for a wireless password, then driving to your house and connecting to your wifi so that they can... sniff your traffic? Impersonate you on the internet?

      Yeah, Google would never drive to your house and sniff your wifi traffic. That's just ridiculous.

      Oh, wait... http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

    7. Re:So what? by c · · Score: 1

      Do you really think that Google is going to be fetching your phone backups, hoping for a wireless password, then driving to your house and connecting to your wifi so that they can... sniff your traffic? Impersonate you on the internet?

      Whether or not someone thinks they want to, the question I have is that if you're running a Google O/S, with a good chunk of your stuff available using Google software via Google products, why in the world would Google ever need your wifi password to access your wifi network?

      If Google wants to fuck over an Android user (and I'd bet that even Kindle users aren't 100% immune), they almost certainly can. It might be via internally-identified Chrome exploits or something, but I have no doubt they could come up with something.

      --
      Log in or piss off.
    8. Re:So what? by Anonymous Coward · · Score: 0

      Again, if they user forgets their password to their online backup? Do you just say "screw you"?

    9. Re:So what? by kqs · · Score: 1

      I know some people like to believe that if Google, the NSA, the Chinese or some other group really really wanted to, they could decrypt any encrypted information, even without the password.

      This is false. It is still infeasible for anyone to crack Triple DES info encrypted with a reasonable choice of keys.

      Absolutely true.

      Oddly enough, there are also people who think that a wifi network with a password would be hard to subvert. Really! It amazes me, but it's true. Aside from the fact that most people use easily-breakable passwords, most access points run old buggy code. And if you're worried about the NSA or the Chinese, well, you know the right XKCD comic.

    10. Re:So what? by Dynedain · · Score: 1

      It could be encrypted with a key that only the user knew.

      Only if you want to retype the password every time you connect to the network. That handy-dandy-remember-my-password feature saves a plain-text or easy-to-decrypt password by necessity.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    11. Re:So what? by LordLucless · · Score: 1

      Which is why you're encouraged to read the entirety of the post you respond to, instead of just shooting off after the first paragraph. The OP already addressed your point:

      As for those who are going to say, "Let the user encrypt it with a password!" ... most don't do that. Most people won't put one in, many will forget it if they do, you can't link it to a phone identifier because part of the purpose is in case the phone is lost

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    12. Re:So what? by ancientt · · Score: 2

      I'm glad to see a few rational thinkers on this forum, but that's not the end of the story. If the NSA or Chinese government really really wanted to see all you are up to, they wouldn't be trying to decrypt your password. They'd probably just hack into your system because they have 0-day hacks that you can't know about and install a keylogger. If you're really paranoid and you boot from CD and run everything from RAM, they can still install a physical keylogger if they care enough to get physical access. They'd sneak into your office or home and install a keylogger or other monitoring service. If they're really really interested, they'd put a device in your wall or monitor so that they can see what you do as you do it and closed blinds and RAM only OS isn't enough to keep them from getting the info. There could be a device in my monitor and in the keyboard connection and in my mouse connection right now and if they really really care enough to send the very best, I'd have no way of knowing they can see everything my screen shows and everything my keyboard types and every movement my mouse makes.

      What you can do is determine what level of paranoia is justified:

      • Boot only with a password provided to BIOS with password protection for changes and also alarm on case opening - makes the attacker have to have the expense of physical access and expensive parts to see what you're typing or an unusual BIOS hack
      • Use a secure unusual system - makes the attacker have to have a less well tested toolset for breaking into the system with bonus points for a custom port knock system
      • Run your OS from RAM - makes physical snooping practically required
      • Work in a faraday cage - makes the attacker need something complex in order to get a signal sufficient to watch active sessions

      So you have carefully reviewed Slax (OS from RAM) and made some modifications, and your computer is set to boot only from CD and only with a password, and you set it to alarm for an opened case and you put it all inside a closet with a variety of secret alarms and you've made the closet a pretty solid faraday cage. You modified a firefox browser and you only connect to the internet through a VPN to Switzerland and only through a proxy in Romania and you only go to secured sites.. now what? How can this system still be compromised by a determined NSA agent?

      NSA agent does the following:

      • Gives your SSL providers a letter - SSL compromised
      • Breaks into your house and BIOS because they're really good at detecting potential alarms and bypassing them
      • Sets up a keylogger and remote screen monitor
      • Hacks the ISP for the Swiss VPN and substitutes their own proxy for the Romanian one, a feat requiring them to pay one of the proxy guys a couple dozen bitcoins
      • Wait

      The NSA agent now sees everything you do, everything you type and can show you anything they like on your screen.... if they really, really want to.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
  17. New device every day by Overzeetop · · Score: 4, Funny

    This is why, at the end of each day, I use a sledge hammer to pound my phone, all my computers, my wireless equipment, and my ISP interface into little pieces and then put them all in a 3000 degree furnace before burying them in the backyard. Each morning I get up and install all new equipment, then reinstall everything from the original CDs, creating a day-unique username and password for everything. Sure, it takes a while, and costs a few thousand dollars a day, and restoring my 5TB movie server from backup is a pain, but it's the price I pay for convenience and privacy.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:New device every day by rgbscan · · Score: 1

      I call shenanigans. Everyone knows your department ran out of money after spending 2.7 million in taxpayer dollars doing this :-)

    2. Re:New device every day by Anonymous Coward · · Score: 0

      Mod parent up, that's hilarious!

      Also, I posted already to http://seenonslash.com/, one of the best I've seen in a while.

  18. Situation may not be as it appears by Zontar_Thing_From_Ve · · Score: 5, Informative

    Looking at the comments in the first link in the original post is useful. One comment says that the only thing the panicked bug reporter knows is that the WLAN password was retrieved in the clear, but it could be that this information actually is encrypted but the retrieval decrypted it. In other words, things may not necessarily be as the original post and the bug reporter suggest. There is a chance that things are exactly as bad as suggested though. At this point only Google can say for sure how it is.

    1. Re:Situation may not be as it appears by bill_mcgonigle · · Score: 1

      At this point only Google can say for sure how it is.

      Is the Google backup service in Cyanogenmod a binary blob?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Situation may not be as it appears by swillden · · Score: 2

      One comment says that the only thing the panicked bug reporter knows is that the WLAN password was retrieved in the clear, but it could be that this information actually is encrypted but the retrieval decrypted it.

      Google uses SSL for basically everything, so it was almost certainly SSL-encrypted in transit.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  19. Works as intended by Anonymous Coward · · Score: 3, Insightful

    I backup data to a server, I restore data to my phone. OMG!!! They are storing my data noes!!!! This is just fear mongering.

    Google is providing a data backup service (which is opt-in at first boot) that backs up your data and you'd like them to encrypt the data then, what delete the key? Maybe have you type in a second password? Seriously, why make the android first boot process more cumbersome.

    1. Re:Works as intended by ancientt · · Score: 1

      Good for you for recognizing the obviousness of the situation. There are ways around it; they could have set up a password for your backup that means everything backed up is encrypted, but then you'd need a password you would likely forget by the time you need it, or they could tie it to a requirement that you lock your phone with a PIN/password, but then a lot of people would be frustrated that it wasn't as easy to use their phone if they want a backup. The situation as it is, that you want your system backed up by google and they want to offer it means that there has to be some sort of compromise and they went for the one that would be easiest for the most users.

      I wish they'd given an option, but then I don't worry about my wifi passwords getting out since I treat this wifi stuff as a whole separate domain of insecurity to begin with.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
  20. Yet another reason not to use Android by Anonymous Coward · · Score: 0

    Yet another reason not to use Android. When will people learn...

  21. Scroogled again! by Anonymous Coward · · Score: 0

    You fanbois sure do love getting it up the bum.

    1. Re:Scroogled again! by Anonymous Coward · · Score: 0

      And you low life MS hooligans sure love swallowing jism.

  22. Suspicion !== fact by tomxor · · Score: 4, Informative

    seriously what the fuck...

    Title: "Google Storing WLAN Passwords In the Clear"

    Post: "So far it's not known whether the passwords are stored encrypted"

    Fuck you "husemann", I don't care if this is about Google or MS that everyone loves to hate, it's BS and so are you. By your logic I might as well make this post:

    Airbags cause heads to fill with raisins and explode:

    ... it is not yet known if airbags cause heads to fill with raisins and explode.

  23. Re:Enough is enough.... by Anonymous Coward · · Score: 0

    LOL stupid little M$ shits. It must be so difficult being ridiculed at everything you do.

  24. Google? by Anonymous Coward · · Score: 0

    Oh you mean settings on Android devices.

    Whew, I was wondering how Google could be getting my passwords.

  25. Existing Standards by Anonymous Coward · · Score: 0

    I usually don't take Google's side (they gave up Don't Be Evil years ago), but I don't think this is a vast conspiracy to steal everyone's wifi PWs.

    Google didn't write most of their wireless layer - they re-used wpa_supplicant. The PWs are stored in cleartext because they have to be stored that way in wpa_supplicant.conf. The sync process is probably akin to a simple rsync of /system/. It's possible that someone at Google noticed this and chose to ignore it, but it's more likely that no-one really thought about the security implications of blindly syncing all system configuration files without encrypting them locally first.

    1. Re:Existing Standards by Arker · · Score: 1

      Your point is that this is better explained by laziness or incompetence, rather than malice?

      I'll give you that. At the moment it seems likely to be somewhat correct. So what?

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
  26. Not only Passau by Anonymous Coward · · Score: 0

    Just to make the point: The University for Applied Sciences at Deggendorf (incidentally, just about 50km from Passau) also issued a warning to its staff and students. They also asserted that using the option to store passwords with Google may be in violation of their terms of service (since users are not allowed to share their password with third parties).

  27. This was revealed many places a while back by DarkFencer · · Score: 1

    This was revealed many places a while back. Dragorn of Kismet covered it back in 2010:

    http://blog.kismetwireless.net/2010/08/google-wifi-android-and-too-much-data.html

  28. No passwords. by matria · · Score: 0

    I don't use passwords with my wifi router. I use the MAC filter. Only the devices I add to the list can access my router. Plus my house is wired for Cat5. Good luck breaking into my systems.

    1. Re:No passwords. by dltaylor · · Score: 2

      And MAC spoofing has been around since 5 minutes after MACs were invented. The wired is a little better, until they (whoever "they" are) install a passive tap.

    2. Re:No passwords. by Anonymous Coward · · Score: 0

      I don't use passwords with my wifi router. I use the MAC filter. Only the devices I add to the list can access my router. Plus my house is wired for Cat5. Good luck breaking into my systems.

      ROTFL.

      Hope you are kidding.

      MAC filtering takes less time to fake out than it did to type this post.

    3. Re:No passwords. by Anonymous Coward · · Score: 0

      Shhhh let him live in his secure utopia.

    4. Re:No passwords. by Anonymous Coward · · Score: 0

      You realize that MAC addresses are sent over air and can easily be spoofed, right? For example, your router likely has the capability of spoofing a device that's on your network (all of mine do):

      http://jimwarholic.com/uploaded_images/linksys_clone_mac_address-755047.jpg

    5. Re:No passwords. by Anonymous Coward · · Score: 0

      Thank you for posting your MAC address.

      NSA

  29. Grahmer by Anonymous Coward · · Score: 0

    surprising, too put it nicely.

    surprising, too, put it nicely.

    FTFY... but who the hell is 'surprising'?

  30. Encryption is no panacea by Arker · · Score: 4, Insightful

    Here's the thing. Even if you encrypt the data before giving it to them, and don't keep the key (which is much harder to do than to say), so what? Do you really think any encryption algorithm you are going to use today will stand up to the tools available to script-kiddies in 5 or 10 years? You do understand that once you put something 'in the cloud' it's probably never going away, right?

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
    1. Re:Encryption is no panacea by blueg3 · · Score: 1

      Both AES and 3DES were first published 15 years ago.

      Neither of them can be cracked today. Certainly not by tools available to script kiddies.

      The weakness in security systems is everywhere but the encryption (okay, and also in shoddy implementations of encryption) -- particularly, how the key is stored or derived (e.g., deriving the key from a low-entropy password).

      So, yes, it is actually quite reasonable to bargain that encryption used today will be uncrackable 10 years from now.

    2. Re:Encryption is no panacea by swillden · · Score: 2

      Do you really think any encryption algorithm you are going to use today will stand up to the tools available to script-kiddies in 5 or 10 years?

      Yes.

      http://www.keylength.com/en/4/

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Encryption is no panacea by Arker · · Score: 2

      Even assuming there is no way to break it except brute force, processor power has been increasing exponentially for a long time. If that continues, it will indeed be possible for script kiddies to brute force your encryption before many more years have passed.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    4. Re:Encryption is no panacea by bloodhawk · · Score: 1

      You don't seem to have any concept of just how much processing power it would require to brute force. Even if we continued exponentially growing compute power for the next 50 years it still won't be a feasible attack vector. You are talking trillions of years of computing time for something like the address space in 256-bit AES, and it would only be that quick if you could process trillions of keys a second.

    5. Re:Encryption is no panacea by Anonymous Coward · · Score: 0

      If computing power massively accelerated, say doubled every year (e.g. 2, 4, 8, 16, 32, 64x performance; pretty unreasonable), even with that growth a 256-bit AES key isn't going to be feasible to brute force with computing power achievable by the end of this century.

    6. Re:Encryption is no panacea by lgw · · Score: 1

      256 bits is really, staggeringly huge.

      There's a minimum amount of power required to flip one bit in quantum mechanics. We are many orders of magnitude less efficient right now, but that power requirement is a hard limit set by the universe. Just to count to 2^256 would require more power than the output of the Sun for the lifetime of the universe.

      No one recognizable as human will ever brute-force a strong 256-bit key.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    7. Re:Encryption is no panacea by Arker · · Score: 1

      Those are good arguments, that I cannot rebut on their own terms.

      All I can say is that I can remember algorithms going from practically unbreakable to trivially cracked within my lifetime, and I have seen computer power increase from the point where every cycle on that CPU was a precious resource to be conserved in any way possible, to our current state where people routinely throw away the equivalent of dozens of CPUs just to save typing a few lines of code. My gut tells me you cannot rule out another leap in capability that will render all your encryption for naught, and again, 'the cloud' is never going to forget.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    8. Re:Encryption is no panacea by lgw · · Score: 1

      What you're missing is there's an exponential vs exponential thing here. Compute growing exponentially means the number of bits you need in a key grows linearly. And in a couple hundred years we can't finally get to 256 bits being brute-forcible, because we hit hard limits first.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    9. Re:Encryption is no panacea by Arker · · Score: 1

      That might be true.

      On the other hand someone may discover some mathematics that changes your evaluation any day now.

      The unfortunate fact is there is a decent chance that person's discovery won't be published, you won't even know about it, the info will be slapped "Top Secret" and while your government minders and Chinese competitors will know about it, you might find out 10 years later, after they have destroyed you financially and privately.

      Better just to avoid the cloud I think.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    10. Re:Encryption is no panacea by 10101001+10101001 · · Score: 1

      Except I think you're ignoring thermodynamics. Specifically, while performance has gone up exponentially, processing power/watt hasn't fared nearly as well--that is, it's on a much shallower line. Consider that today, the whole world's computing power combined isn't capable of cracking something like AES-128--a source from 2011 indicates the computational power of the world then at ~6.4*10^18 operations/second or ~2^63 ops/second which, even exceptionally optimistically, would mean ~2^64 (128-1-63) seconds to brute force a key, or ~585 years.

      To get that figure down to under a year would require ~10 doublings. That'd take ~18 years, but performance/watt would only have doubled ~6.2 times. So, total power usage would have to go up 16 fold. And of course, that's all insanely optimistic given the truth that (a) most computers aren't replaced every time performance doubles, (b) not all those computers are under control of one organization, (c) even if they were, that'd mean 100% usage (GPUs too) devoted to the one task of cracking *one* key, and (d) actually cracking a key is probably at least two orders of magnitude off from what I'm figuring.

      PS - This is all based on Server Trends and an Arstechnica article on world storage/computation power, so take from it what you will.

      --
      Eurohacker European paranoia, gun rights, and h
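An added example, not part of the thread, that carries the arithmetic from the preceding comments through in code so the figures can be checked rather than eyeballed: the brute-force time for a key space at a given trial rate (the ~2^63 trials per second figure quoted above is taken as the assumed world rate, already crediting one key test per operation), the number of throughput doublings needed to bring that under a year, and the Landauer bit-flip bound behind the "count to 2^256" remark. The 2.7 K temperature, the solar luminosity and the age of the universe are constants I am assuming for the illustration, not values from the thread.

```python
"""Brute-force cost arithmetic for symmetric keys.

Added example, not code from the Slashdot thread. Inputs are the figures
quoted in the discussion (about 2^63 key trials per second for the whole
world's computing power, key spaces of 2^128 and 2^256); the physical
constants below are assumptions for the illustration.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600        # Julian year
BOLTZMANN_J_PER_K = 1.380649e-23              # SI value of k_B
SUN_LUMINOSITY_W = 3.828e26                   # nominal solar luminosity (assumed)
UNIVERSE_AGE_S = 13.8e9 * SECONDS_PER_YEAR    # about 13.8 billion years (assumed)


def expected_trials(key_bits: int) -> int:
    """Keys tried on average before hitting the right one: half the key space."""
    return 2 ** (key_bits - 1)


def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock years to recover one key by exhaustive search."""
    return expected_trials(key_bits) / keys_per_second / SECONDS_PER_YEAR


def doublings_needed(key_bits: int, keys_per_second: float,
                     target_years: float = 1.0) -> int:
    """Throughput doublings required before the search fits in target_years.

    Each doubling halves the time, so this is ceil(log2(years / target)).
    This is the "exponential vs exponential" point: every extra key bit costs
    the attacker one more doubling of throughput.
    """
    years = brute_force_years(key_bits, keys_per_second)
    if years <= target_years:
        return 0
    return math.ceil(math.log2(years / target_years))


def landauer_energy_joules(key_bits: int, temperature_k: float = 2.7) -> float:
    """Minimum energy to perform 2^key_bits irreversible bit operations.

    Landauer's principle: erasing one bit costs at least k_B * T * ln(2) joules.
    2.7 K (the cosmic microwave background) is the coldest free heat sink, and
    real hardware is far hotter and far less efficient, so this is a hard lower
    bound on merely counting through the key space, not an estimate of any
    machine that could be built.
    """
    return (2 ** key_bits) * BOLTZMANN_J_PER_K * temperature_k * math.log(2)


def suns_over_universe_lifetime(key_bits: int) -> float:
    """Energy of a 2^key_bits count, in units of the Sun's total output so far."""
    return landauer_energy_joules(key_bits) / (SUN_LUMINOSITY_W * UNIVERSE_AGE_S)


if __name__ == "__main__":
    world_rate = 2 ** 63   # constructed from the ~6.4e18 ops/s figure in the thread
    for bits in (128, 256):
        print(f"AES-{bits}: {brute_force_years(bits, world_rate):.3g} years at 2^63 keys/s, "
              f"{doublings_needed(bits, world_rate)} doublings to get under a year")
    print(f"Counting to 2^256 at the Landauer limit needs "
          f"{suns_over_universe_lifetime(256):.3g} x the Sun's output over the age of the universe")
```

Run it and the 128-bit search at 2^63 trials per second comes out in the hundreds of billions of years, needing around forty throughput doublings to fit in a year; the 256-bit count at the Landauer limit lands at roughly ten billion times the Sun's output over the age of the universe, which is the bound the thread is arguing over.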
    11. Re:Encryption is no panacea by Arker · · Score: 1

      Ok, say you are right. What happens when the next major development in computing is a breakthrough that gives us a practical way around those limits?

      Are you sure there won't be such a development within your lifetime? Completely sure?

      Are you sure that when the next such development occurs, it won't be kept in-house between the top 'national security' agencies, and you won't have all of them covertly having access to your backups to search through for something useful should you wind up in commercial competition with some undersecretary's second mistress's third cousin's firm?

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    12. Re:Encryption is no panacea by 10101001+10101001 · · Score: 1

      Ok, say you are right. What happens when the next major development in computing is a breakthrough that gives us a practical way around those limits?

      I.e., I'm not right. :) Seriously, the next major development in computing as a breakthrough is precisely how we got here. Here is just simply amazing. But I don't think we're anywhere near the sort of development to seeing the equivalent of the whole world's computational power being in one system on one person's desk. Imagine trying to cool the thing. :)

      PS - Yea, I can see hints of the "only five computers in the world" in what I say. But, there's clearly a difference in scale being discussed as we're already starting to reach actual physical, quantum limits in the construction of CPUs. So, the ability to shrink in size and power usage would seem to actually start to be bounded.

      --
      Eurohacker European paranoia, gun rights, and h
    13. Re:Encryption is no panacea by lgw · · Score: 1

      On the other hand someone may discover some mathematics that changes your evaluation any day now.

      But we were talking about brute force.

      Better just to avoid the cloud I think.

      Or aliens could invade and use your datacenter for parking! Your only safe bet is the cloud!

      Seriously, that sort of crap is vastly less likely than your business going under in the normal course of events. Encryption is useful if it keeps data out of the hands of your competitors for long enough that they gain no advantage from it - that's all it has to do (well, and the algorithms chosen need to pass any auditing requirements).

      --
      Socialism: a lie told by totalitarians and believed by fools.
    14. Re:Encryption is no panacea by bingoUV · · Score: 1

      I have an evil plan to thwart that - I will change my Wifi password. Muhahahaha.

      --
      Bingo Dictionary - Pragmatist, n. A myopic idealist.
    15. Re:Encryption is no panacea by bloodhawk · · Score: 1

      We are not talking simply a drastic increase in computing power here. There would need to be some truly astounding new understanding and application of hitherto unknown physics to overcome the computation workload. We aren't talking about just an amazing increase in power but a complete reworking of our current understanding of physics.

  31. why this doesn't matter by Anonymous Coward · · Score: 0

    Google is either storing it in the clear or encrypting it but also storing the key that encrypts it. And it all has to do with customer service.

    If you rely on the customer remembering their key and they lose it, then they lose their data. If you store it, and the customer loses their key, then you can reset the key and change it to something else, while then allowing the customer access to their backups again. In this case I am referring to the password. There is no way around it. And it happens way too many times, especially those of us who work tech support, where someone loses or forgets their password.

    So if you really want it encrypted without google knowing the password, then ask for that option. The rest of the public would rather be able to reset their password without losing access to their backups.

    And I'll mention the obvious, wireless passwords are never fully encrypted. You can always reverse the encryption because it needs to know it in order to connect to the wireless gateway each time. Every OS does this. Don't act surprised now.

  32. Of course by J'raxis · · Score: 1

    Well of course they're storing them in the clear. How else could they send them to the NSA?

  33. Wifi by Tekoneiric · · Score: 1

    I know this article is more about Google but I really wish the wifi standard had provisions for separate usernames and keys/passwords for each user. One becomes compromised and you change it. As it is now, you change the key and you have to change it on sometimes dozens of devices, which means you run the risk of it becoming compromised again.

    --
    *It's not what you can do for the Dark Side but what the Dark Side can do for you!*
    1. Re:Wifi by Dynedain · · Score: 2

      The WiFi standards do. Check for WPA Enterprise in your security config. Every wifi router I've messed with supports it.

      Downside is it requires you to run a separate authentication server (usually RADIUS) to support it.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    2. Re:Wifi by ancientt · · Score: 1

      I remember when I discovered how PKI works and I was stunned at how many uses there are for it. I am surprised that there isn't already some provision to use it with more things, WIFI included. Ideally each person connecting should get prompted that they need to provide a public key, the phone or tablet or whatever should automatically generate one and then they would be prompted to enter a passphrase for it, then it would be used for that wifi from then on. You could add an "offer to this phone" or "next connection" or "confirm with this code" option to the process to ensure security and you could add a key manager (love Pageant) tool to the mix so that you'd only need to enter your passphrase once per reboot and wifi administrators could disable keys on a per person basis. It is worth noting that RADIUS servers do something close enough to that already, but who has time to manage a RADIUS server if it isn't built into the Wifi controls and so far as I can tell, none of the Wifi manufacturers do that.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    3. Re:Wifi by Tekoneiric · · Score: 1

      I'm referring to setups for small homes and offices, not Enterprise. I know you can set up a RADIUS server but that is way more involved than most people are willing to go. It should be something more basic that doesn't require extra servers and hours of setup. Something in the SOHO router. Even separate keys for each MAC address would work. The MAC would basically become the username at that point.

      --
      *It's not what you can do for the Dark Side but what the Dark Side can do for you!*
  34. Apple Keychain by rsborg · · Score: 1

    Strangely missing from the summary is the fact that this only affects Android devices, as far as I read in the article. While most phones allow you to easily "show" aka decrypt and view your wifi password for a network you hopped in ages ago, I happen to know that all desktops and laptops with Windows XP-7 do the same. They're also easily recoverable by third party instant decrypts too. So if you think plaintext or reversible encryption storage of passwords is the problem, that's all devices everywhere, with or without Google. The problem is Google actually having your password.

    Untrue. Apple's Keychain encrypts it with your login password. So on-disk it's encrypted appropriately, and in-memory it's locked as soon as you lock your computer. You also get this behavior with ssh-agent, which is one thing that makes OS X better than most Linux distros.

    --
    Make sure everyone's vote counts: Verified Voting
  35. It's a liability that Google should avoid by rsborg · · Score: 1

    Do you really think that Google is going to be fetching your phone backups, hoping for a wireless password, then driving to your house and connecting to your wifi so that they can... sniff your traffic? Impersonate you on the internet?

    Whether or not someone thinks they want to, the question I have is that if you're running a Google O/S, with a good chunk of your stuff available using Google software via Google products, why in the world would Google ever need your wifi password to access your wifi network?

    If Google wants to fuck over an Android user (and I'd bet that even Kindle users aren't 100% immune), they almost certainly can. It might be via internally-identified Chrome exploits or something, but I have no doubt they could come up with something.

    They are probably unlikely to maliciously use this information. BUT IT EXISTS - and the NSA can ask for it - or a very determined intrusion team could get at it - all of it.

    It's like a company that stores your CC information in plaintext on their servers - not a sign of maliciousness, but stupidity that someone could leverage to their own gain and your loss.

    You know there's PCI compliance requirements that punish and fine companies for doing shit like that. There should be something similar for personal actionable information like SSNs and WiFi passwords.

    --
    Make sure everyone's vote counts: Verified Voting
  36. Hardly News by lars_boegild_thomsen · · Score: 1

    And this is a surprise or news worthy why? This application:

    Wifi Key Recovery

    Has been in Google's Play store forever. That strongly indicates that the keys are not stored encrypted (or with a very simple encryption) and that Android "secures" them by not giving normal applications access (the app requires root to function).

  37. This is actually really useful by thisisauniqueid · · Score: 1

    So who knows if they're stored in the clear or not. Probably not, Google is moving to encrypt all data on all services at rest and in flight. But this feature is actually really useful. If your phone has previously connected to your Wifi router at home and you buy a Nexus 7, it will connect to the router without you having to enter a password. For devices like the Nexus Q and Google Glass, this is a killer feature.

    1. Re:This is actually really useful by Arker · · Score: 1

      You are being ridiculous. You are happy to give up any pretense of privacy on your home wireless network for the convenience of not typing in, what, 16 digits? Probably less, and only once.

      You are the person Ben Franklin was thinking of.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
  38. Does it matter? by Anonymous Coward · · Score: 0

    The NSA already has your data before you even send it to google.
    They have contributed code to android and no one has shown a full security audit of the OS that I have seen.

  39. Not necessarily true, but that's irrelevant by Trogre · · Score: 1

    As others have pointed out here, it's not established that Google is storing these passwords in the clear, merely that they are stored in a reversible format. That this information needs to be able to be recovered should be obvious to all but the most clueless of users.

    But it doesn't matter.

    No one with any expectation of privacy will be storing passwords online anyway - as soon as you upload a secret to an online service (aka some other guy's computer), it can no longer be considered a secret. This may be a perfectly acceptable tradeoff to some people for very low security applications like web forums, etc, but certainly not anything serious. Just don't kid yourselves that your passwords can be safely stored online and remain yours alone.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  40. Too much trust! by Tours+Georgia · · Score: 1

    I agree with many of you. Too much trust in Google. But only bad people have something to hide...

  41. Re:Who to trust Tahoe LAFS by Anonymous Coward · · Score: 0

    With Tahoe-LAFS.org everything is encrypted on your client before sending to server.

    Havenco starts offering storage space for rent.

  42. they are not encrypted by X0563511 · · Score: 1

    Look in /data/misc/wifi/wpa_supplicant.conf (requires root)

    Likely their backup is just a copy of that file...

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
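Comment 25 above (the wpa_supplicant.conf explanation) and this comment both point at the same file: if the backup is a plain copy of it, whatever credentials it holds travel with it. As an added example, not part of the thread and not code from the wpa_supplicant project, here is a small audit script that parses that file's `network={...}` block syntax and reports, per SSID, what kind of credential the block carries. The sample config it runs on is constructed for the demonstration (the hex PSK is an arbitrary placeholder), not taken from any device.

```python
"""Audit which secrets a wpa_supplicant.conf would carry into a backup.

Added example, not code from the Slashdot thread or from wpa_supplicant.
The file format is wpa_supplicant's own (network={...} blocks of key=value
lines, with strings double-quoted and hex blobs bare); the config below is
constructed for the demonstration.
"""
import re

# Constructed sample in wpa_supplicant.conf syntax (not from a real device).
# The 64-hex psk is an arbitrary placeholder, not a real derived key.
SAMPLE_CONF = """\
ctrl_interface=/data/misc/wifi/sockets
update_config=1

network={
    ssid="HomeNet"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
}

network={
    ssid="OfficeNet"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    key_mgmt=WPA-PSK
}

network={
    ssid="CafeOpen"
    key_mgmt=NONE
}

network={
    ssid="CorpEAP"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe"
    password="Winter2013!"
}
"""

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")


def parse_networks(text: str) -> list:
    """Return one dict of key=value fields per network={...} block."""
    networks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
            continue
        if line == "}" and current is not None:
            networks.append(current)
            current = None
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks


def unquote(value: str) -> str:
    """wpa_supplicant quotes strings; a bare value is a hex blob or keyword."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def classify(net: dict) -> str:
    """Describe the credential a single network block holds."""
    key_mgmt = net.get("key_mgmt", "WPA-PSK")        # wpa_supplicant's default
    if key_mgmt == "NONE":
        return "open"                                 # no secret at all
    if "WPA-EAP" in key_mgmt or "IEEE8021X" in key_mgmt:
        return "eap-password" if "password" in net else "eap-certificate"
    psk = net.get("psk")
    if psk is None:
        return "no-psk"
    if HEX64.match(psk):
        return "psk-hex"                              # bare 64 hex chars: derived PMK
    return "psk-plaintext"                            # quoted: the human passphrase


def audit(text: str) -> dict:
    """Map SSID -> credential classification for every block in the config."""
    return {unquote(n.get("ssid", "")): classify(n) for n in parse_networks(text)}


def exposed_secrets(text: str) -> list:
    """SSIDs whose block carries something sufficient to join the network.

    A 64-hex psk is the PBKDF2-derived pairwise master key: it does not reveal
    the passphrase (so reuse of that passphrase elsewhere stays hidden), but it
    is still enough to authenticate to that network, so it counts as exposed.
    """
    return sorted(ssid for ssid, kind in audit(text).items()
                  if kind in ("psk-plaintext", "psk-hex", "eap-password"))


if __name__ == "__main__":
    for ssid, kind in audit(SAMPLE_CONF).items():
        print(f"{ssid:12s} {kind}")
    print("exposed:", ", ".join(exposed_secrets(SAMPLE_CONF)))
```

The distinction the script draws is the one that matters for a backup: a quoted `psk` is the passphrase itself, a bare 64-hex `psk` is the derived key (usable for that network only), and an EAP `password` is a per-user credential that is often an organisation's directory password. None of the three is something a plain file copy should carry off-device unencrypted.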