oops! I Did It Again
May 15, 2010 9 Comments
by Elias Shams
That’s what Google said, confessed, and apologized yesterday.
After admission of an embarrassing privacy gaffe, the Do no Evil search engine giant, Google made yesterday, the company decided to stop its Street View cars from sniffing wireless networking data. Contrary to the company’s claims, for at least three years, Google has been collecting the information that the users have been sending from a non-password-protected Wi-Fi networks.
Before I get to Google, first thing first! Wi-Fi has been around for about nine years. If you still don’t realize to secure your Wi-Fi yet, don’t even bother getting on the Internet. Hide your network and password protect it. Using an open Wi-Fi is the digital equivalent of putting your TV and stereo in the yard and leaving for the day.
Google Street View cars are best known for driving around cities and logging snapshots of the area, which are then posted online and integrated with Google Maps. Google cars had been sniffing some network data — SSID information and MAC addresses — that was then used to help the company get a better fix on the locations of things in order to improve its Web products. Google had said that it wasn’t sniffing other data sent over the networks, but it turned out that this wasn’t true.
For those that are non-technical:
SSID (Service Set Identifier) = The name of your wireless network. Most user’s home network is named “LINKSYS”
MAC (Media Access Control) Address is like a unique fingerprint for a device on a network. It can be used to uniquely identify a network device as well as provide information on the device its self.
Because the Street View cars are usually in motion, they probably would have recorded only snippets of information from open networks, but they could have picked up sensitive data from unencrypted Web sites, including Google’s own Gmail service, which only recently started requiring encrypted (HTTPS) Web connections.
Google’s Senior VP of Engineering & Research Alan Eustace explained how this collection of sensitive data occurred. “Quite simply, it was a mistake.” He explained, “An engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.”
Anyway, the company says it intends to delete the data “as quickly as possible.” It has already grounded its Street View cars, and will halt collection of WiFi network data.
The Google admission seems that whenever a company “comes clean” they’re often trying to misdirect. Notice how the BP leak went from no leak, to a small leak, to 5x the small leak confession to 10x the small leak confession to ‘A Valdez every 4 days’?.
Just remember this - Once you connect to the internet, you are vulnerable. Period! All you can do is make it harder, but you can’t prevent it.