Posts Tagged ‘google’

It’s been an interesting year in the world of IT security and privacy. It turns out that all the world’s spy agencies are, in fact, spying on each other. Shocking, right? OK, so they aren’t just spying on other spies but probably you and me as well to one degree or another. How much do they know? How long have they known it? How is the information being used?

I think the best answer is a quote from Tom Waits that predates this latest controversy but is quite apropos, nevertheless …

“The folks who know the truth aren’t talking. The ones who don’t have a clue, you can’t shut them up.”

In other words, don’t believe everything you hear because the people making the most noise tend to be those with the least actual information. At the risk of falling into that latter category I will suggest that the organizations that might know more about you than the TLAs (Three Letter Agencies) are the ones that we voluntarily give up our personal information to in exchange for free email, social media, cloud storage, navigation services, etc.

Along those lines comes a revelation that sits squarely between the uncomfortable intersection of security and convenience — your wifi passwords. If, for instance, you have an Android device you probably connect it to a wireless LAN on occasion. Unless you enjoy typing in long, complicated passwords on tiny keyboards, you probably opted to let the OS store this info for future use. For further convenience you probably allow Google to back up the settings on your phone since this makes recovery far easier when you get a new one. All very nice but …

This means that Google is storing all those “secret” passwords somewhere in their cloud. Who has access? How well is it secured? How could this information be used/abused? Now the heartburn begins…

I have no idea whether Google does a great job or a poor job of securing this data just like I have no idea how well credit card numbers and other sensitive information is being secured on systems for major retailers but I do know that at least in the case of the latter there have been some major breaches. We might not know about these failures were it not for legislation that requires public disclosure of such incidents and I suspect we wouldn’t necessarily know about similar compromises in social media, email and other Internet-based services.

And don’t make the mistake of thinking that a leak of wifi passwords would only affect a few home networks or that if you choose not to have your info backed up by Google or because you use an iPhone or no phone at all that you will be safe because all it takes is for one user — any user — of any wifi network you use to have saved and backed up this info for it to make everyone on that network at risk. 

Just another reason why you should make sure that you use a good VPN or SSL connection, even when you think you are on a secure wifi network…

There’s a spy in your pocket (or pocketbook or backpack). It’s so well camouflaged that you could stare directly at it and still not realize it’s there. Hiding in plain sight, as it were. In fact, if you are like most people according to a recent study, you rarely let this spy get out of arm’s reach. Are you sufficiently paranoid yet?

Turns out this spy is your mobile phone. It knows pretty much everywhere you go, how long you stay there, who you associate with, who your closest friends are, what you say to them, what you like and what you don’t like, what you’re in the market for and so on. It knows all this because it is the center of your digital life. Your social media accounts, your emails, your text messages, your phone calls, your photographs, your location, your purchases — all that and more are being tracked to one degree or another by Facebook, Google, Apple, Twitter, Verizon, AT&T, Sprint and a host of others.

Maybe none of that bothers you — but maybe this would … what if all that info was available to your ex, your boss, a stalker or just some creep who figured out how to turn your phone into a video and audio surveillance device by planting software on it without your knowledge. With this, your voyeur can turn on the microphone on your phone and listen in to your conversations even when you aren’t on the phone and see you through the video camera and read your emails and texts and … you get the picture.

Pretty creepy, huh? Well, it’s not at all far-fetched. In fact, here’s commercially available tool that will do it for you (Note: I’ve redacted the name of the software because I’m not trying to advertise for it):

PhoneSpyware

… and it’s far from the only option. Here’s an article from PC World that talks about malware that does the same:

http://www.techhive.com/article/2043321/malware-like-program-lets-your-android-phone-spy-on-you.html#tk.nl_today

This really isn’t a new concept as we’ve had malware on PCs that could do this for more than a decade. What has changed is that mobile phones contain so much more info about you and are so portable that they go everywhere with you — everywhere.

Mobile device anti-malware programs can help but that whole industry is still fairly immature so the capabilities haven’t really caught up with the threats just yet. Some of the best things you can do are:

  • don’t download programs from places other than the authorized sources (Google Play, Apple App Store),
  • don’t root your device (even though it’s awfully tempting to do so in order to get some extra goodies that the providers have been denying you) and,
  • just as with PCs, don’t click on links unless you are expecting them and know where they are going to take you — regardless of who they appear to be coming from.

Sorry to be the bearer of bad news and paranoia, but I figure it’s better you know because the bad guys already do…