Tim Igoe's Web Design, Development and Hosting Blog

Google Accidentally Steals Wifi Data?

Posted on by Tim Igoe

It was found out that when Google’s Street View car was doing the rounds in Germany (and maybe other countries too) it was sniffing out for “open” wifi networks. The plan was maybe to plot these on the map for users to find wifi networks easily when they were in an area. They claimed to be collecting SSID and MAC addresses of the devices (these could potentially be used to identify users locations).

The bad thing to this, is that a number of home users STILL have no security on their personal wifi networks so these would have been picked up too. This incident on its own is a very strong reminder to ALL that you should make sure your wireless networks are as secure as you can get them.

Back in 2006 a Google engineer was working on a wifi sniffing project, to capture publically broadcast wifi packets sent via insecure wireless networks, what they were going to do with this information is unknown. This project was apparently shelved, but when the team responsible for street view wanted to find out about wifi networks while the cars were on the move wanted similar functionality, instead of creating it again, they used the same code.

This code was ‘accidentally’ (according to Google) saving packets of data along with the requested information as the street view car did its rounds, and while the car was moving it wouldn’t have captured MUCH data for each wireless network there is no way for us to know what exactly it DID capture.

What concerns me here, is IF this software was even properly tested before it was sent out to do the rounds? If it had been tested, wouldn’t it have been obvious that it was capturing data packets that it shouldn’t have been, and thus the code checked into / ammended? Or is this a cover up from the internet behemoth now that someone has found out via an audit that the data was collected?

Plans are now in place to, with the relevant authorities in a list of not known countries, destroy the data – however it HAS been captured, and without consent or agreement. If Google has captured, and first off denied doing so, this data then what else are they capturing and denying?

This entry was posted in Google and tagged , . Bookmark the permalink.

Leave a Reply