Android: Google Silently Storing WiFi Security Data
April 21, 2011
When I bought a Motorola Xoom I noticed a ‘feature’ that consumers might appreciate but companies should be aware of, namely that Google apparently stores the wireless access point information including SSIDs and passwords from Android devices within the user’s Google account.
After I brought my new Xoom home, I realized it connected to my home WiFi without prompting for a passphrase. This prompted me to investigate further. Sure enough, there on this brand-new Honeycomb tablet were all the WiFi networks I utilize, including WPA2 passphrases. This tells me that my Android 2.2 phone has likely been sending this data up to Google all along, but that it took seeing it on the new tablet to recognize this fact.
Apparently the setting on the phone to “Back up my data” (under Privacy settings) includes this information even though the description only says “Back up my settings and other application data.” I certainly did not recognize that my settings would include the security information for these wireless environments. It would be far better if Google had broken out the security information as a separate item that could be granularly backed up or not.
In a corporate environment this could be a real problem. I see two issues pop to the surface. First, if an attacker were to break into an employee’s Gmail account, they could potentially extract the keys to access your corporate wireless network as that employee. Second, when you terminate an employee, even if you recover their phone (should it be a company-provided asset), they could have continued access to your wireless environment from a personal phone if their first one was synced with a personal Gmail account they continue to possess. Either of these scenarios is quite possible and potentially common, particularly in the SMB space.
Luckily, the defense against both of the above scenarios is the same. Wireless networks should absolutely be segmented, insulated, and monitored. Further, it may be appropriate to provide a second, internet-only wireless network for devices like smartphones to get outbound access while not being able to communicate at all with local IT resources. Finally, the access to the wireless network should have some sort of changing access method, whether that is monthly changes of a general passphrase or individual certificates that can be revoked when appropriate.
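The rotation and revocation advice above can be checked mechanically at offboarding time. The following is an added example, not part of the original post: the inventory format, field names, SSIDs and user names are all constructed assumptions, and the 30-day limit mirrors the monthly passphrase change suggested above.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Network:
    ssid: str
    auth: str                              # "psk" (shared passphrase) or "eap-tls" (per-user cert)
    last_rotated: Optional[date] = None    # only meaningful for PSK networks
    internal_access: bool = True           # False for an internet-only guest network

@dataclass
class Departure:
    user: str
    left_on: date
    ssids: tuple                           # networks the person's devices had joined
    cert_revoked: bool = False

def audit(networks, departures, today, max_psk_age_days=30):
    """Flag credentials that a copy restored from a cloud backup could still use."""
    findings = []
    by_ssid = {n.ssid: n for n in networks}
    for n in networks:
        if n.auth == "psk" and n.internal_access:
            age = (today - n.last_rotated).days
            if age > max_psk_age_days:
                findings.append((n.ssid, f"shared passphrase is {age} days old"))
    for d in departures:
        for ssid in d.ssids:
            n = by_ssid[ssid]
            if not n.internal_access:
                continue                   # segmented guest network: no path to local IT resources
            if n.auth == "psk" and n.last_rotated <= d.left_on:
                findings.append((ssid, f"passphrase not rotated since {d.user} left"))
            elif n.auth == "eap-tls" and not d.cert_revoked:
                findings.append((ssid, f"certificate for {d.user} not revoked"))
    return findings

# Constructed sample inventory (hypothetical names and dates).
NETWORKS = [
    Network("corp-psk", "psk", date(2011, 1, 10)),
    Network("corp-eap", "eap-tls"),
    Network("guest", "psk", date(2010, 6, 1), internal_access=False),
]
DEPARTURES = [
    Departure("alice", date(2011, 3, 1), ("corp-psk", "guest")),
    Departure("bob", date(2011, 4, 1), ("corp-eap",)),
    Departure("carol", date(2011, 2, 1), ("corp-eap",), cert_revoked=True),
]
if __name__ == "__main__":
    print(*audit(NETWORKS, DEPARTURES, date(2011, 4, 21)), sep="\n")
```

An empty result means every internal network has either a recently rotated passphrase or a revoked certificate for each departed user.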
In a perfect world the vendor (Google) would provide the relevant security controls to allow users to control this type of behavior, and even better, they would enable them by default. Right now, though, you need to be aware and watch out for yourself.
