Posted by : Unknown
Sunday, 27 July 2014
Do you own an Android device? Is it less than three years old? If so, then when your phone's screen is off and it's not connected to a Wi-Fi network, there's a high risk that it is broadcasting your location history to anyone within Wi-Fi range that wants to listen.
This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ("Tom's Wi-Fi"), workplaces ("Company XYZ office net"), churches and political offices ("County Party HQ"), small businesses ("Toulouse Lautrec's house of ill-repute"), and travel destinations ("Tehran Airport wifi"). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes, in human language, places where you've spent enough time to use the Wi-Fi. Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up.
In Android we traced this behavior to a feature introduced in Honeycomb (Android 3.1) called Preferred Network Offload (PNO). PNO is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they're in low-power mode (i.e. when the screen is turned off). The goal is to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data.
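To check what your own device gives away, the sketch below (an added example, not code from the original post or from Android) parses raw 802.11 frames and separates wildcard probes from probes that name a saved network. It assumes the names travel in the SSID element of probe request frames, that each frame starts at the 802.11 MAC header, and uses constructed sample frames; `probe_request_ssid`, `leaked_ssids` and `build_probe` are illustrative names.

```python
PROBE_REQUEST = 0x40   # first frame-control byte: management type, subtype 4
MAC_HEADER_LEN = 24    # frame control, duration, three addresses, sequence control
SSID_ELEMENT = 0       # information-element ID that carries the network name


def probe_request_ssid(frame: bytes):
    """Return the SSID a probe request names, "" for a wildcard probe,
    or None when the bytes are not a well-formed probe request."""
    if len(frame) < MAC_HEADER_LEN or frame[0] != PROBE_REQUEST:
        return None
    pos = MAC_HEADER_LEN
    while pos + 2 <= len(frame):              # walk the ID/length/value elements
        elem_id, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:                # element runs past the end of the frame
            return None
        if elem_id == SSID_ELEMENT:
            if length > 32:                   # SSIDs are at most 32 bytes
                return None
            return body.decode("utf-8", errors="replace")
        pos += 2 + length
    return None


def leaked_ssids(frames):
    """Network names disclosed by directed (non-wildcard) probe requests."""
    return {s for s in map(probe_request_ssid, frames) if s}


def build_probe(ssid: bytes, fc0: int = PROBE_REQUEST) -> bytes:
    """Construct a sample frame: broadcast destination, made-up source MAC."""
    header = (bytes([fc0, 0, 0, 0]) + b"\xff" * 6 +
              bytes.fromhex("020000000001") + b"\xff" * 6 + b"\x00\x00")
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])   # supported-rates element
    return header + bytes([SSID_ELEMENT, len(ssid)]) + ssid + rates


# Constructed sample capture, using network names from the article.
SAMPLE = [
    build_probe(b"Tom's Wi-Fi"),
    build_probe(b""),                          # wildcard probe: names no network
    build_probe(b"Company XYZ office net"),
    build_probe(b"Cafe", fc0=0x80),            # a beacon, not a probe request
]

if __name__ == "__main__":
    for name in sorted(leaked_ssids(SAMPLE)):
        print("device disclosed saved network:", name)
```

A device that only ever sends wildcard probes produces an empty set here; any name in the output is a saved network worth removing from the phone.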
Response from Google
When we brought this issue to Google's attention, they responded that:
"We take the security of our users' location data very seriously and we're always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release."
Additionally, yesterday a Google employee submitted a patch to
wpa_supplicant which fixes this issue. While we are glad this problem is
being addressed so quickly, it will still be some time before that fix
gets integrated into the downstream Android code. And even then, Android
fragmentation and the broken update process for non-Google Android devices could delay or even prevent many users from receiving the fix. (We hope Google can make progress on this problem, too.)