Android stores unencrypted Wi-Fi passwords on Google servers.
I offer you a brief translation of an article from H-Security .
As it became known, the “Backup” function stores passwords from your Wi-Fi networks in unencrypted form on the Google server.
The bug was openedand closed on July 12th.
It is interesting that the backup on most devices is enabled by default and does not require any passwords from the user, and Google does not warn you about what data may be in its possession in the form of text.
Resetting phone data and synchronization with Google account will immediately return all passwords from used networks, a thing that seems to be good for the user, however, Google has the largest database of not only Wi-Fi network names, but also passwords for them. In the light of recent events, I don’t really want something. The American special services could so easily gain access to home and corporate networks.
Some universities have already taken care of the problem, as the University of Passau in Germany emphasizes that according to §6 of the Terms of Use of the Computing Center, the user undertakes not to transfer his data to third parties and to protect his data from them.
')
Transfer:
The user undertakes not to transfer data of his accounts to third parties, as well as to protect them (data) from use by third parties. This is especially true for passwords.
It is noteworthy that Google Chrome provides synchronization using a user password, FireFox too.
Apple saves Wi-Fi passwords in encrypted form (AES) using a 256-bit key that is stored only on a specific device (another device will not be able to decrypt this data). This is described in the documentation for iOS .
As it became known, the “Backup” function stores passwords from your Wi-Fi networks in unencrypted form on the Google server.
The bug was opened
It is interesting that the backup on most devices is enabled by default and does not require any passwords from the user, and Google does not warn you about what data may be in its possession in the form of text.
Resetting phone data and synchronization with Google account will immediately return all passwords from used networks, a thing that seems to be good for the user, however, Google has the largest database of not only Wi-Fi network names, but also passwords for them. In the light of recent events, I don’t really want something. The American special services could so easily gain access to home and corporate networks.
Some universities have already taken care of the problem, as the University of Passau in Germany emphasizes that according to §6 of the Terms of Use of the Computing Center, the user undertakes not to transfer his data to third parties and to protect his data from them.
')
Die Benutzung anderer als der zugeteilten Benutzerkennung zu unterlassen and die zugeteilte Benutzerkennung vor
Transfer:
The user undertakes not to transfer data of his accounts to third parties, as well as to protect them (data) from use by third parties. This is especially true for passwords.
It is noteworthy that Google Chrome provides synchronization using a user password, FireFox too.
Apple saves Wi-Fi passwords in encrypted form (AES) using a 256-bit key that is stored only on a specific device (another device will not be able to decrypt this data). This is described in the documentation for iOS .
Source: https://habr.com/ru/post/190710/
All Articles