Navigation
Thought for the Dazed

I've had to give up that Distance Learning course as I was having trouble seeing the teacher.

Flickr
www.flickr.com
RobMiles' items Go to RobMiles' photostream
Twitter
Tag Cloud
C# Yellow Book

Links
Search entire site
« Tetris Lights | Main | Harry Bosch is the man »
Monday
Aug062012

Scary Nexus 7

DateMonday, August 6, 2012 at 06:27PM

IMG_2542-Edit.jpg

The Nexus is proving quite an impressive piece of hardware. Battery life is shaping up to be very good. I’ve found out how to make the screen brighter (turn on auto-brightness) and got auto-rotate to work (for some reason it is turned off by default). I’ve also found some useful applications, including one that provides access to my Skydrive storage amongst other things. I’ve loaded some films and music onto it and they work very well and look rather good. Then it did something that totally baffled me.

I took the Nexus 7 to work today. Left it in my bag. Didn’t bother connecting it to the campus network. After a while it beeped, so I got it out to take a look. It had received a new email message. Which was rather impressive, bearing in mind it didn’t have a network connection. Then I took a closer look at the WiFi settings. It knew all about the university network, along with a couple of networks at places it had never been to.

Strange.

Eventually I remembered, around a year ago I had a brief fling with a Nook Color, another Android powered tablet. I found the Nook great for reading books (that’s what Barnes and Noble made it for) but a bit slow for anything else. But I did take it to work and connect it to the campus network. And of course I’d registered the device using my Google username. Which means that the Nook had uploaded the WiFi settings to my part of the Google cloud which then made them available to any other Android device that I register.

I’m not sure whether to be impressed or frightened by this. On one hand it is very convenient for me not to have to mess around with SSIDs and passwords. On the other it is a bit scary that Google are holding all my (along with lots of other people’s) network credentials up in their cloud. One of the boxes that I ticked next to a page of licence agreements (does anybody actually read these) probably gave them permission to do this, but I now worry a bit that if I get a security breach on my Google account it also gives people access to my home network, should they choose to register their own device and then stand outside my house, browsing files the other side of my network firewall…

This is a reminder of just how clever and connected modern devices can be, and just how much you have to be aware of the dangers of all this cleverness.

AuthorRob | Comment8 Comments |
in

Reader Comments (8)

It's not buried in some license agreement, there is an extremely explicit "Do you want to backup and restore Android Settings to your Google Account?" prompt during setup. I believe it even explicitly calls out WiFi passwords as an example of what will be backed up.
August 7, 2012 | Unregistered CommenterChris S
Fair enough. Don't remember seeing that though, I'll go back and take a look.
August 7, 2012 | Registered CommenterRob
And what stops Google from offering a finer selection mechanism than the binary yes/no to allowing Android settings to be captured by the Google Framework?

It is indeed quite scary behaviour, in spite of the convenience that it offers.
August 7, 2012 | Unregistered CommenterTom Dewey
@Tom Dewey

Exactly. And Google has already been accused, and I think convicted, of snooping around in people's Wi-Fi networks. Where are these passwords being stored? Who has access to them?
August 8, 2012 | Unregistered CommenterJSMinch
I fail to see how an ssid and passkey being stolen is a big concern considering Microsoft and Google already have our contacts, emails and files. Still, keeping everything online is likely a bad idea considering the number of online security breaches these days. Nice to see you using a non windows device Rob, I think the nexus 7 is top notch stuff.
August 8, 2012 | Unregistered CommenterAlex P
You fail to see why a company or individual might be worried that persons unnammed might have access to their network? All I can say is wow.
August 8, 2012 | Unregistered CommenterJSMinch
I've found the option:

Settings>Backup & Reset>Back up my data

I've turned it off. I've also disabled it on the Nexus belonging to number one wife, where it was set on by default (and she never got asked the question about this option). The thing that worries me most is that she would not expect that the loss of her Google password would give someone access to our home network (and those of our kids who we visit from time to time).
August 8, 2012 | Registered CommenterRob
to be fair, google do offer two factor authentication that's quite robust. I'm not as worried about my account being lost because of this. I've come to accept that a lot of this information is in the cloud but as long as I have the right authentication im fine with it. I've got lastpass.com randomising my passwords and two factor authentication enabled on all services that it is available on.
August 8, 2012 | Unregistered CommenterArjun

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.

Notify me of follow-up comments via email.