If you have an Android phone and you are interested in your privacy, then you should read this story. According to the Electronic Frontier Foundation, the Preferred Network Offload feature in the Android OS extends battery life which is good. But it also leaks location data which is very very bad:
The preferred network offload (PNO) feature, found in Android versions from Honeycomb (Android 3.1) onwards, allows devices to connect to wi-fi networks while in low power in order to extend battery life. The feature prioritises less power-hungry wi-fi connections over cellular connections.
But the feature is broadcasting a list of the 15 most recent wi-fi networks the device was connected to even while the device is in sleep mode, the EFF found, meaning anyone within wi-fi range of the device is able to access the connection history and map the user’s recent physical location.
“Wi-fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process,” the EFF found.
The good news is that this is in the process of being fixed:
The offending code is the open source wpa_supplicant application which is used by Android to manage wi-fi, the EFF said. It said Google yesterday submitted a patch to the application which fixed the issue, ahead of Google integrating the fix into the downstream Android code.
“We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release,” Google told the EFF.
The bad news is that other OSes have this issue. Namely OS X from Apple and Windows 7 from Microsoft. Those will have to be fixed at some point. But to protect yourself, the EFF suggests that you either turn off “keep wi-fi on during sleep” in device’s wi-fi settings (assuming the device has such a feature) or manually clear the network history to remain secure.
Like this:
Like Loading...
Related
This entry was posted on July 4, 2014 at 11:20 am and is filed under Commentary with tags Android, OS X, Security, Windows 7. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Android, Windows 7 & OS X “Leak” Location Data
If you have an Android phone and you are interested in your privacy, then you should read this story. According to the Electronic Frontier Foundation, the Preferred Network Offload feature in the Android OS extends battery life which is good. But it also leaks location data which is very very bad:
The preferred network offload (PNO) feature, found in Android versions from Honeycomb (Android 3.1) onwards, allows devices to connect to wi-fi networks while in low power in order to extend battery life. The feature prioritises less power-hungry wi-fi connections over cellular connections.
But the feature is broadcasting a list of the 15 most recent wi-fi networks the device was connected to even while the device is in sleep mode, the EFF found, meaning anyone within wi-fi range of the device is able to access the connection history and map the user’s recent physical location.
“Wi-fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process,” the EFF found.
The good news is that this is in the process of being fixed:
The offending code is the open source wpa_supplicant application which is used by Android to manage wi-fi, the EFF said. It said Google yesterday submitted a patch to the application which fixed the issue, ahead of Google integrating the fix into the downstream Android code.
“We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release,” Google told the EFF.
The bad news is that other OSes have this issue. Namely OS X from Apple and Windows 7 from Microsoft. Those will have to be fixed at some point. But to protect yourself, the EFF suggests that you either turn off “keep wi-fi on during sleep” in device’s wi-fi settings (assuming the device has such a feature) or manually clear the network history to remain secure.
Share this:
Like this:
Related
This entry was posted on July 4, 2014 at 11:20 am and is filed under Commentary with tags Android, OS X, Security, Windows 7. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.