[kwlug-disc] [OT] Google sniffing wifi, collecting emails and passwords.
Khalid Baheyeldin
kb at 2bits.com
Mon Jun 21 17:04:06 EDT 2010
It was in a sense accidental, because they used an existing open source
technology to capture wifi packets (Kismet, and something called gslite
along with it).
Background: Google wants to build an alternate to GPS navigation in the
cities, so any Wifi enabled device will be able to listen to what access
points are out there and then query Google's database online and deduce its
exact location. For this, they need the MAC address, and the signal
strength.
Here is their patent for it
http://industry.bnet.com/technology/10005017/google-trying-to-deduce-wireless-location-info-bypass-carriers/
So, they recorded what the tool provided, not that they intentionally wanted
to capture the other stuff. This happened to contain packets that had email
fragments, HTTP, or other stuff that just happened to be on the air at the
time, and unencrypted.
Where they went wrong is not filtering this data to only what they need (MAC
address, signal strength) and/or discarding it quickly.
Here is a report by a consulting firm on that incident
http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
Specifically:
http://www.google.com/googleblogs/pdfs/friedberg_sourcecode_analysis_060910.pdf
http://yro.slashdot.org/story/10/06/19/1635200/Why-Googles-Wi-Fi-Payload-Collection-Was-Inadvertent
So, it is less sinister than what it sounds like. A flub, but not out of
malice, rather oversight and poor processes.
--
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100621/787a028d/attachment.htm>
More information about the kwlug-disc
mailing list