The names of the WiFi networks
to which you connect probably say a lot about you. Did you just come
back from an airport? Do you work at X company? Do you spend your days
at Y cafe? Your Android phone might be broadcasting this information for
anyone within WiFi range to see, according to research by the
Electronic Frontier Foundation (EFF), a San Francisco-based nonprofit
that advocates digital privacy.
Some Android devices running the
Android operating system version 3.1 (Honeycomb) or later broadcast the
names of the last 15 WiFi networks to which that device connected —
even when the device’s screen is turned off, the EFF found. Google
already appears to be working on a fix for the issue, and in the
meanwhile you can take some simple steps to prevent this data leakage
from happening.
This issue could be especially
serious if the WiFi networks have revealing names, because then anyone
within WiFi range of your phone might discover your name (from your home
network) your workplace (from your work network), or any other schools,
restaurants, doctor’s offices, airports, and other locations you
recently visited.
This behavior is part of an Android feature found in Android 3.1 and later, the EFF wrote on its blog.
Called Preferred Network Offload (PNO), it was designed to help phones
connect to WiFi networks even in low-power mode. PNO is itself built
using an open-source piece of software called “wpa_supplicant” used in
several Linux distributions, of which Android is one.
However, not all Android phones
leak the previous 15 WiFi network names. The Samsung Galaxy S series
does not, for example (though the EFF apparently did not test the
Samsung Galaxy S5). Phones that are affected include the HTC One, the
Nexus 4 and 5, the Samsung Galaxy Nexus and the Motorola Droid 3 and 4.
The EFF also tested iOS devices
and found that iOS 6 and 7 devices did not experience similar issues.
However, one of several iPads running iOS 5 did.
It’s not just Android devices,
either: “Many laptops are affected, including all OS X laptops and many
Windows 7 laptops.” However, EFF considers laptops to be less of a
privacy threat, since they are not continuously on while people walk
around with them.
Google released a response to
EFF’s findings, saying: “We take the security of our users’ location
data very seriously and we’re always happy to be made aware of potential
issues ahead of time. Since changes to this behavior would potentially
affect user connectivity to hidden access points, we are still
investigating what changes are appropriate for a future release.”
In the meanwhile, the EFF says you can plug up this WiFi hole by going into your phone’s Advanced Wi-Fi settings (it’s different on different models of Androids) and changing the Keep Wi-Fi on during sleep setting to Never.
However, this technique did not
work on the Motorola Droid 4 running Android 4.1.2. In that case, EFF
says you would need to make the phone “forget” each WiFi network by
tapping the WiFi network’s name and selecting Forget.
Manually turning off the phone’s WiFi, or installing an app that will
automatically turn WiFi off for you, will do the trick as well.
Email jscharr@tomsguide.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.
Source: Yahoo News
No comments:
Post a Comment