Android Sends the NSA Your Passwords (and NSA roundup, Appelbaum seeks asylum in Germany?!)

Quote of the day: “Encryption helps against dragnet-style surveillance.[…] It provides only a minimum of security [against targeted attack].” –Appelbaum, more on this later

Android cointains a default-on “back up my data to Google” option, which, it’s been known for some time, also includes the plaintext versions of your WiFi passwords.

Being that we now know Google == Nigerian Scammers’ Association, that has interesting implications. Both organizations are known to engage in mass-scale recording and storage of raw WiFi network traffic. The former, through Street View cars doing “oops forgot that box was checked” data-slurping. (And they still keep detailed records of WiFi networks as a geolocation tool) The latter, through Menwith Hill, Pine Gap, Dagger, Green Bank, Sugar Grove, Yakima, ad infitium.

And now they have the keys needed to decrypt the data oh-so-conveniently at hand, courtesy the Android-using public.

Time to go drop your smartphones in a toilet…

NSA roundup:
If you’re curious exactly what XKeyscore does, more info courtesy the Grauniad. http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data

YOU MAY ALREADY BE A WINNER! In the NSA’s “three-degrees-of-separation” sweepstakes, anyone connected to someone connected to someone “on the radar” is also under surveillance. Let’s see, if the people reading what I write have at least 200 close friends on average… http://arstechnica.com/information-technology/2013/07/you-may-already-be-a-winner-in-nsas-three-degrees-surveillance-sweepstakes/

Possibly the most insightful comment on why we need less, not more, Big Data. “If Hitler had the NSA’s technology, the ‘Final Solution to the Jewish Question’ would have been a matter of days.” http://blog.refefe.de/?ts=af16af43

Jake Appelbaum seeks asylum… in Germany?!:
“Germany is at the moment the safest place in Europe for me. I don’t feel safe in the US. My female partner is being watched with night-vision devices, I was harassed and detained multiple times due to my connection to Wikileaks. The effect is the same as what the Stasi did to people in the DDR: a part of their tactics was that people [speaking about their experiences] sounded crazy.” http://www.taz.de/Hacker-Appelbaum-ueber-Ueberwachung/!120942/

Sounds like a member of the ‘Zersetzung and Gaslighting First-Hand Experts’ Association”… I also found this quote interesting:
“Criticizing the NSA has disadvantages and perhaps these disadvantages are so large that no government would do it. […] You’re getting angry with [conservative German PM, currently up for election, accused of violating oath of office re: NSA by opposition candidate] Merkel? Maybe you should point your anger at the NSA instead — since it’s their fault,that Merkel couldn’t agree with you even if that was her opinion.”

Though, it seems Appelbaum hasn’t forgotten who he works for:
“when, instead of going and working at Rohde & Schwarz [manufacturer of high-end electronic test equipment, German defense-industrial complex] or Siemens [also German defense-industrial complex] you come work for us at Tor [funded ~80% by the US government]” https://www.youtube.com/watch?v=-VUyuFH9CbI

http://www.h-online.com/security/news/item/Android-and-its-password-problems-open-doors-for-spies-1918596.html

“The data stored on Google servers when the “Back up my data” option is selected on an Android device includes Wi-Fi passwords in plain text format. This is not in itself news, but businesses in particular may wish to reconsider its implications in the light of the latest surveillance scandal.

The backup function is, at least on Nexus devices, activated by default, with no password of any kind required for the service. In Google’s favour, it has to be said that it does make it clear what users are letting themselves in for, with the description of this function stating “Back up … Wi-Fi passwords … to Google servers”. Tests by The H’s associates at heise Security showed that after resetting an Android phone to factory settings and then synchronising with a Google account, the device was immediately able to connect to a heise test network secured using WPA2. Anyone with access to a Google account therefore has access to its Wi-Fi passwords.

Given that Google maintains a database of Wi-Fi networks throughout the world for positioning purposes, this is a cause for concern in itself, as the backup means that it also has the passwords for these networks. In view of Google’s generosity in sharing data with the NSA, this now looks even more troubling. After all, the NSA does not restrict itself to combating terrorism, but is also on the record as having been involved in industrial espionage.”

Advertisements
%d bloggers like this: