The WiFi snooping row Google has gotten itself into seems to be far from over. In April, Google revealed that its Street View cars had been collecting basic data such as the MAC addresses and SSIDs of WiFi networks in the vicinity. But after German authorities asked Google to audit the data, it admitted to have been “mistakenly” snooping payload data from Open WiFi networks. Apparently, a piece of WiFi data analysis code, written by Google engineers back in 2006, was part of the software used by the Street View cars, in turn leading to the WiFi snooping (of about 600 GB of data across 30 countries!).
Google now faces probes from a long list of European countries including Belgium, Britain, the Czech Republic, France, Germany, Italy, Spain and Switzerland; authorities in Austria, Denmark and Ireland have already asked Google to delete all WiFi data it has captured in those countires. Australia, Canada and U.S. have also joined the list, with Google facing lawsuits in at least three US states.
This story has once again put the focus on the security risks posed by WiFi when used naively and I hope it serves as a wake-up call to WiFi users at home, enterprises, and on the road. Awareness about WiFi security is surely growing, but surveys conducted by AirTight show that the number of unsecured WiFi networks worldwide (even inside enterprises) and the scale of WiFi malpractices is still alarming.
Data mistakenly sniffed by Google over Open WiFi could be anything from emails and Internet data browsed by users to fragments of files or even sensitive information such as banking passwords or credit card numbers! Now if it was a malicious hacker instead of the Google cars, then TJX knows how bad it can get.
The least you can do is to use a strong encryption (WPA/WPA2) on your WiFi AP. Enterprises (including those that do not have an official WiFi network) of course also need to protect their assets from threats posed by unmanaged wireless devices such as Rogue APs that can inadvertently or maliciously compromise their network security.