Google Storing WLAN Passwords In the Clear

First time accepted submitter husemann writes "Micah Lee from the EFF filed a bug report about Google storing all your WLAN passwords on their application settings backup service without allowing you to encrypt them. So far it's not known whether the passwords are stored encrypted at rest, but just the fact that Google can read them (and disclose them if forced by 'law') is a bit surprising, too put it nicely. Already one German university is concerned enough about this 'feature' that they issued a warning to their users."

Too much trust

[Linux+User+33]

I think this is perfect example again that we put too much trust on Google. They have repeatly broken that trust and yet some people continue to trust them. This data also goes directly to NSA and FBI. I think both FCC and European Commission should hit them hard, upto jailing the top executives.

Re:Too much trust

[gl4ss]

you're wrong, they have time and time assured that the data doesn't go DIRECTLY to NSA. it goes through their servers, see, and they get to bill for it.

Re:Too much trust

[kasperd]

I think this is perfect example again that we put too much trust on Google.

Google isn't the problem. The American government is. Which means if you want to be safe, stay away from USA and don't trust any companies based there.

If you happen to live there already, maybe it is about time you let the government know, you are not satisfied with their work.

Re:Too much trust

[Grishnakh]

Not trusting any American companies with your data is of course prudent, in light of PRISM, however this doesn't mean your data is safe anywhere else either: if it's in France, Germany, or UK, they all have spying programs that are just as bad. And even if you keep your data in a relatively-safe country that probably has no spying at all, such as Switzerland or Iceland, that's no guarantee that the company hosting your data isn't just plain incompetent. If Google can make a mistake like this, anyone can.

Of course, since it's impossible to be 100% risk-free, it does make sense to try to mitigate that risk by avoiding obviously-bad choices, like using American companies.

Re:Too much trust

[St.Creed]

No serious company can afford to move completely offshore, out of touch with its armed defense (the US army), unless it has ties to another set of rulers. Social and economic ties to the USA are all very strong for Google. They could never move.

They could move their HQ - I'm sure they'd find out pretty soon that it would be difficult to get the same access to the rulers as they have locally. They didn't go to school with the players, they aren't married to people who know the players, they don't have the right employees, they don't really know the customs, etc. etc. I'm sure you can rebuild Google somewhere else, if you must, but it will only be the name and not the company that moves.

Re:Too much trust

[PopeRatzo]

the data doesn't go DIRECTLY to NSA. it goes through their servers, see, and they get to bill for it.

And if there is one thing that history has taught us, it's that if they're giving your passwords to the government, then they're also selling it to the highest bidder.

I thought about that with the Edward Snowden/Booz Allen stuff. Now Booz Allen is a firm that, besides the government, has a lot of private clients that hire them to do the data upskirting. If they're collecting stuff for the NSA, how much are you prepared to trust that none of that stuff is also going to their private clients. I know if I was some evil company looking for your personal data, and Booz Allen was my consultant, I'd be expecting a little "benefit" from their relationship to the NSA, know what I mean?

The ugliest part of the corporate/government intrusion into our personal lives and information is the fact that so much of it is being privatized to companies who also work for other companies and maybe other individuals who all have their own reasons for wanting your shit.

Re:Too much trust

[gl4ss]

What the fuck is the difference?

the difference is quite simple: with the french you can just treat them as normal eavesdroppers on your tcp connection. like some dude hanging on the same open AP. the solution to that is to just have encrypted connections to whatever service you want to use..

but with nsa and and ms/google/yahoo whoever.. it doesn't matter that your connection to them was encrypted, as they as your "business partner" sell the data off to nsa(forcibly, but they still get a buck). with them the only way is to not use their services - or any american hosted/owned services.

it's not a great difference, but a difference still.

This is why I turned off backup

[DigitAl56K]

I turned off Backup on Android after discovering this. They're going to have to store them in the clear (or I guess reversible), so that the "backup" is reversible - i.e. you recover your backup or add a new phone to your account and it "just works" with your wifi.

However, there's no in-between. I can't choose to backup certain things but exclude very sensitive things, like my wifi password and other credentials. Given what we know about government snooping and the constant notices of breached databases these days, I just don't want to use the backup feature at all, and anyone who does is taking a bit of a gamble IMO.

Can't we have a sub-option to "also include credentials", at the very least?

Re:This is why I turned off backup

[gstoddart]

I turned off Backup on Android after discovering this.

I turned it off before I ever knew this, because I'm increasingly finding that I don't trust Google -- either in intent or execution.

All they want to do is collect all of your information and use it to sell advertising, they don't give a damn about your privacy.

And that stupid Google+ might be the last straw since everything is trying to foist it on me and I have no interest in it.

But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

Re:This is why I turned off backup

[DigitAl56K]

But, I gotta ask ... if we don't trust Microsoft and Google, who is left?

I am fine with trusting Microsoft and Google, and indeed anyone with a reliable infrastructure, to provide a backup hosting service that significantly improves the experience with my phone in the event of a disaster. I'm just not fine with entrusting them with access to the contents of those backups, especially when I may not even be aware of or have granular control over what is in them.

A backup passphrase that only I know, and restricting processing to the client-side, would be sufficient to achieve this.

Re:This is why I turned off backup

[dj245]

if we don't trust Microsoft and Google, who is left?

Don't even think about trusting yourself. I made that mistake once, and I slipped myself some roofies and date-raped myself.

Re:This is why I turned off backup

[Grishnakh]

It seems to me this would be a good place for the alternative ROMs like CyanogenMod to offer non-Google versions of Android which they've certified (by making all the source code open and available, at least for the relevant parts) to work properly in this regard, allowing you to back up data on Google's hosts, but ensuring that it's all encrypted by a passphrase which Google has no access to.

Re:This is why I turned off backup

[Nerdfest]

The sad part is that Google damn near at the top of the privacy trust-worthiness scale. Almost everybody else is worse. If you really care about your privacy you need to avoid all hosted services and do everything yourself.

Have an untrusted network

[PvtVoid]

This kind of shit is exactly why, as soon as I got an Android smartphone, I also installed a second wireless router, with its own encryption password, outside my firewall. Anybody who wasn't already assuming that smartphones and tablets are anything other than hostile network actors is an idiot.

Re:Have an untrusted network

[Russ1642]

I only do my top secret browsing through two separate secure proxy services. NSA will never know that I watch My Little Pony.

more info

[slashmydots]

Strangely missing from the summary is the fact that this only affects Android devices, as far as I read in the article. While most phones allow you to easily "show" aka decrypt and view your wifi password for a network you hopped in ages ago, I happen to know that all desktops and laptops with Windows XP-7 do the same. They're also easily recoverable by third party instant decrypts too. So if you think plaintext or reversible encryption storage of passwords is the problem, that's all devices everywhere, with or without Google. The problem is Google actually having your password.

Apple iOS

[EkriirkE]

While not storing cleartext, they do store your WiFi passwords in a reversible encryption. If using WPA I think they should just store the ssid:phrase hash instead of keeping the phrase. WEP can't be helped... Anyhow, Apple stores all passwords in their keychain and this is easily snooped. Jailbroken iOS devices can get "WiFiPass" to reveal all the AP & passwords its ever connected to. It's handy when I pass my device to an AP owner to "privately" enter their password but I want to associate more devices, I just load that program and see what it was and do it myself.

Do no evil

[sproketboy]

But I guess they do a lot of stupid.

So what?

[__aawavt7683]

So what? Concern where concern is due. Do you really think that Google is going to be fetching your phone backups, hoping for a wireless password, then driving to your house and connecting to your wifi so that they can... sniff your traffic? Impersonate you on the internet?

How does this in any way matter? even if the password _were_ encrypted, it's reverseable encryption -- it _has_ to be. So they could just decrypt it, anyway. This is the same as on Windows: you can get a wireless key viewer that gives you the password of every network that Windows has memorized. Further, your computer is probably a great deal more accessible to anyone, especially those who are interested in your wireless network, than Google's phone backups.

As for those who are going to say, "Let the user encrypt it with a password!" ... most don't do that. Most people won't put one in, many will forget it if they do, you can't link it to a phone identifier because part of the purpose is in case the phone is lost, and part of the functionality is syncing to Google services -- so it has to be decrypted anyway. Wake me up again when Google syncs all the pictures you've taken with your camera to Picasa and posts them on your auto-created Google+. That'll be a fun day.

Re:So what?

[Zalbik]

How does this in any way matter? even if the password _were_ encrypted, it's reverseable encryption -- it _has_ to be. So they could just decrypt it, anyway.

Wrong. It could be encrypted with a key that only the user knew. With proper key choices Google would have no way of decrypting

I know some people like to believe that if Google, the NSA, the Chinese or some other group really really wanted to, they could decrypt any encrypted information, even without the password.

This is false. It is still infeasible for anyone to crack Triple DES info encrypted with a reasonable choice of keys.

Re:So what?

[whois]

If you're a company and anyone associates to your corporate network using an Android phone, you've now got a problem.

And how are you supposed to stop this with policy other than blanket banning android phones? Ignore the fact that google is "good guy google" and think about what happens if the database is somehow exposed to hackers, or if there is a malicious google employee who decides to sell 1.4 million wifi passwords?

New device every day

[Overzeetop]

This is why, at the end of each day, I use a sledge hammer to pound my phone, all my computers, my wireless equipment, and my ISP interface into little pieces and then put them all in a 3000 degree furnace before burying them in the backyard. Each morning I get up and install all new equipment, then reinstall everything from the original CDs, creating a day-unique username and password for everything. Sure, it takes a while, and costs a few thousand dollars a day, and restoring my 5TB movie server from backup is a pain, but it's the price I pay for convenience and privacy.

Situation may not be as it appears

[Zontar_Thing_From_Ve]

Looking at the comments in the first link in the original post is useful. One comment says that the only thing the panicked bug reporter knows is that the WLAN password was retrieved in the clear, but it could be that this information actually is encrypted but the retrieval decrypted it. In other words, things may not necessarily be as the original post and the bug reporter suggest. There is a chance that things are exactly as bad as suggested though. At this point only Google can say for sure how it is.

Works as intended

I backup data to a server, I restore data to my phone. OMG!!! They are storing my data noes!!!! This is just fear mongering.

Google Is providing a data backup service (which is opt-in at first boot) that backs up your data and you'd like them to encrypt the data then, what delete the key? Maybe have you type in a second password? Seriously, why make the android first boot process more cumbersome.

Suspicion !== fact

[tomxor]

seriously what the fuck...

Title: "Google Storing WLAN Passwords In the Clear"

Post: "So far it's not known whether the passwords are stored encrypted"

fuck you "husemann", i don't care if this is about google or MS that everyone loves to hate, it's BS and so are you. by your logic I might as well make this post:

Airbags cause heads to fill with raisins and explode:

... it is not yet known if airbags cause heads to fill with raisins and explode.

Encryption is no panacea

[Arker]

Here's the thing. Even if you encrypt the data before giving it to them, and dont keep the key (which is much harder to do than to say) so what? Do you really think any encryption algorithm you are going to use today will stand up to the tools available to script-kiddies in 5 or 10 years? You do understand that once you put something 'in the cloud' it's probably never going away, right?