It is possible with help of "Back up my data" in mobile operating system. The co-worker of the “Elecontric Frontier Foundation” Micah Lee announced that the function "Back up my data" in OS Android sends passwords from Wi-Fi and private information in plaintext to Google.
"Since backup and restore is such a useful feature, and since it's turned on by default, it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext Wi-Fi passwords for the majority of users,” Lee pointed out.
Lee supposes that Google can solve this problem via encryption of synchronized passwords through Google accounts or to encrypt all synced data with the user‘s own password. “The function "Back up my data" in Android is very convenient; however it implies sending a lot of personal data, including unencrypted passwords,” he marks.
Lee notes, that with your home Wi-Fi password, an attacker can sniff Wi-Fi traffic outside and then decrypt it all. An attacker can mount a man-in-the-middle attack and change any unencrypted Internet traffic as well.
“If you want to download a file, an attacker can serve you a malicious version instead. In addition he can scan for computers, phones, and tablets that are connected to your network, scan for open ports, and exploit vulnerable services,” the expert pointed out. Lee doesn‘t recommend to use “Back up my data” until Google corrects the problem with passwords.
Axarhöfði 14,
110 Reykjavik, Iceland