Feeds

Google's Wi-Fi sniff probe reveals 'criminal intent' - PI

'We paid them to say what?'

Designing a Defense for Mobile Applications

An analysis of Google's Wi-Fi sniffing code, paid for by Google, suggests the company could find itself facing criminal charges, according to a privacy watchdog and pressure group.

Google's lawyers Perkins Coie paid computer forensics firm Stroz Friedberg to analyse the code used, presumably in order to defend itself against attacks from several privacy authorities in Europe and elsewhere.

Consultants from Stroz Friedberg analysed the source code for "gslite" - the program running while Google's Street View cars trundled along the street.

They found gslite - part of the gstumbler programme - was made up of 32 source code files and 12 extra files with config files and changelog information.

The software worked with Kismet - packet-sniffing software. gslite then parsed header information from any unsecured wireless network it passed. Kismet hopped channels five times per second in order to grab as many networks as possible.

The paper said that frames from encrypted networks were discarded by gslite. Unencrypted bodies were written straight to disc, but not parsed by the program.

Privacy International believe this represents criminal intent - data protection law does not normally allow the interception of communications in this way.

PI said: "This action by Google cannot be blamed on the alleged 'single engineer' who wrote the code. It goes to the heart of a systematic failure of management and of duty of care."

Gslite made no attempt to parse the body of any messages or file transfers, but it also collected numerical identifiers of kit attached to the network.

The program linked the information collected with GPS data from the car. The analysis notes that the GPS system provides geolocation data rather more slowly than network data so gslite corrects the difference between the two before storing the file.

PI's blog post is here, and it also has a link to the pdf report.

The "rogue engineer" theory was further undermined by Google's legal eagles' earlier moves to patent the network sniffing technology.

A Google spokesman said, "As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns."®

Application security programs and practises

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.