And if they know, NSA can know. If you use your smartphone to log on to WiFi networks there’s a high probability that you’re unconsciously sending its password to Google or Apple. The keyword is ‘backup’.
Both Android and iOS has nice automatic backup functions in the cloud, which includes your WiFi password among other well… sensistive data.
Go to “Settings” and “Backup and reset”. There’s an option “Back up my data”. On Android 2.x the option is “Back up my settings” or “Back up my data” . There’s no mention about WiFi passwords. Let’s see what the User’s Manual says:
If you check this option, a wide variety of your personal data is backed up automatically, including your Wi-Fi passwords, Browser bookmarks, a list of the apps you’ve installed from the Market app, the words you’ve added to the dictionary used by the onscreen keyboard, and most of your customized settings. Some third-party apps may also take advantage of this feature, so you can restore your data if you reinstall an app. If you uncheck this option, your data stops getting backed up, and any existing backups are deleted from Google servers.
Sweet. It sure makes reinstalls and device upgrades seamless and easy, but… come on. Oh, did I mention it’s not encrypted? See https://code.google.com/p/android/issues/detail?id=57560
Also, this option is ON by default since Andoid 2.2. Cool.
There is a recent report stating that Android sales surpassed iOS sales. The estimated total number of android phones is around 750 million. IPhone is around the same level.
There’s the good old iCloud backup. Apple at least published a Knowledge Base entry about what’s stored in iCloud: http://support.apple.com/kb/HT4865 - the fun part is that it doesn’t mention if passwords are stored or not. It says ‘Backup’ which could mean anything. At least they state it’s encrypted. Whew. By the way anyone who’s ever restored an iOS device knows that WiFi passwords are stored in iCloud backups. Also, Apple can read iMessages. Are WiFi passwords so differently encrypted? I doubt.
How big is this?
Some might say it’s not a big deal. I would have said that had it not been for the latest NSA scandal (or set of scandals…). Since that we all know that US companies can be forced to turn in user data including passwords.
Just imagine all the places you use WiFi on your phone or tablet. Home, school, friends, your workplace, libraries, public hotspots, etc. Apart from the obvious mapping of who you might be in contact with, having access to WiFi passwords is quite worrying.
What holds an NSA employee back from selling company A’s office WiFi password to company B? Because it’s unethical? Yeah, spying on your spouse is also unethical, yet NSA’s been there, done that.
All these recent revelations prove that while we’re advancing more and more to a connected ‘online’ lifestyle, we need to be aware of the privacy concerns and options around today’s and tomorrow’s solutions.
(The featured image is from Reuters)