Your secret Wi-Fi password is no secret to Google
You know that home Wi-Fi network you have? The one with the super-complicated password you came up with to keep your neighbors from jacking your connection?
Chances are, Google knows that password.
If you've ever logged on to your network with an Android device, or even if it was just a friend logging on just once, chances are Google has your password stored in their servers. In fact, it's very possible that Google knows just about every Wi-Fi password in the world.
It's not a secret, exactly, as Michael Horowitz at Computer World points out in a recent blog post. The issue has been covered by several prominent blogs, but during the current privacy backlash against tech companies, the collection of millions of Wi-Fi passwords has mostly flown under the radar.
But it's a notable issue. As Horowitz points out, an estimate 748 million Android phones will be sold in 2013 (a figure that does not include tablets). And most of these devices are backing up Wi-Fi passwords as part of their default settings.
"Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings," he writes. "And, although they have never said so directly, it is obvious that Google can read the passwords."
This has been the default setting for Wi-Fi passwords since version 2.2 of the Android operation system. It's been presented as a positive feature for users, one that makes it easier to save data and configure a new phone. But for those who don't want the feature, it can be tricky to change. Depending on which version of the Android platform you have, you either have to go to "Backup my Data" or "Backup and Reset" to do the necessary configuration.
But it's not just your home Wi-Fi account. Android phones are set to automatically remember the passwords of any Wi-Fi network according to the Register:
"The list of Wi-Fi networks and passwords stored on a device is likely to extend far beyond a user's home, and include hotels, shops, libraries, friends' houses, offices and all manner of other places. Adding this information to the extensive maps of Wi-Fi access points built up over years by Google and others, and suddenly fandroids face a greater risk to their privacy if this data is scrutinised by outside agents.
These revelations are troubling for privacy advocates who fear all this information is ripe for government cherry picking if any U.S. intelligence agency were to compel Google to give up information on one of its users. As Micah Lee of the Electronic Frontier Foundation blogged, its reasonable to expect that these passwords are not secure in Google's servers, readable by anyone.
"[T]he passwords are in plaintext, too," Lee writes. "When you format an Android phone and set it up on first run, after you login to your Google account and restore your backup, it immediately connects to wifi using a saved password. There’s no sort of password hash that your Android phone could send your router to authenticate besides the password itself."
It's a serious concern for the many who've suddenly become more conscious of online privacy issues in the wake of NSA leaker Edward Snowden's revelations about the PRISM program for monitoring and collecting data. But Google is hardly the only company backing up such information while trying to keep users in the dark.
As cryptographer Matthew Green proved with a simple experiment, Apple is storing user iMessages without user password or device key protection. Similarly, files stored on Dropbox and Microsoft's SkyDrive are readable as well. But Horowitz says Wi-Fi passwords present a critical vulnerability.
When contacted by ArsTechnica about this issue, a Google spokesperson responded by highlighting the convenience of automatic backup.
"Our optional ‘Backup my data’ feature makes it easier to switch to a new Android device by using your Google Account and password to restore some of your previous settings. This helps you avoid the hassle of setting up a new device from scratch. At any point, you can disable this feature, which will cause data to be erased. This data is encrypted in transit, accessible only when the user has an authenticated connection to Google and stored at Google data centers, which have strong protections against digital and physical attacks.”
Illustration by Jason Reed