It’s been an interesting year in the world of IT security and privacy. It turns out that all the world’s spy agencies are, in fact, spying on each other. Shocking, right? OK, so they aren’t just spying on other spies but probably you and me as well to one degree or another. How much do they know? How long have they known it? How is the information being used?
I think the best answer is a quote from Tom Waits that predates this latest controversy but is quite apropos, nevertheless …
“The folks who know the truth aren’t talking. The ones who don’t have a clue, you can’t shut them up.”
In other words, don’t believe everything you hear because the people making the most noise tend to be those with the least actual information. At the risk of falling into that latter category I will suggest that the organizations that might know more about you than the TLAs (Three Letter Agencies) are the ones that we voluntarily give up our personal information to in exchange for free email, social media, cloud storage, navigation services, etc.
Along those lines comes a revelation that sits squarely between the uncomfortable intersection of security and convenience — your wifi passwords. If, for instance, you have an Android device you probably connect it to a wireless LAN on occasion. Unless you enjoy typing in long, complicated passwords on tiny keyboards, you probably opted to let the OS store this info for future use. For further convenience you probably allow Google to back up the settings on your phone since this makes recovery far easier when you get a new one. All very nice but …
This means that Google is storing all those “secret” passwords somewhere in their cloud. Who has access? How well is it secured? How could this information be used/abused? Now the heartburn begins…
I have no idea whether Google does a great job or a poor job of securing this data just like I have no idea how well credit card numbers and other sensitive information is being secured on systems for major retailers but I do know that at least in the case of the latter there have been some major breaches. We might not know about these failures were it not for legislation that requires public disclosure of such incidents and I suspect we wouldn’t necessarily know about similar compromises in social media, email and other Internet-based services.
And don’t make the mistake of thinking that a leak of wifi passwords would only affect a few home networks or that if you choose not to have your info backed up by Google or because you use an iPhone or no phone at all that you will be safe because all it takes is for one user — any user — of any wifi network you use to have saved and backed up this info for it to make everyone on that network at risk.
Just another reason why you should make sure that you use a good VPN or SSL connection, even when you think you are on a secure wifi network…
Inside Internet Security 