Sync and Security: A big problem.
Any one interested in Sync and Security may wish to watch this bug:
Bug 592772 - Fennec should offer to use master password
This comment sums things up nicely:
Quote: Michael Coates 2010-11-10 14:05:18 PST
I'd like to reopen the discussion on this issue. I understand we may not be
willing to block fennec for the master password. However, I think we do need to
carefully make a few design decisions in the interest of security.
Current Sync Deployment:
1. Any sync'ed passwords (from desktops/other devices) will be sync'ed to the
2. Passwords on the mobile are stored in clear text
3. A phone without builtin encryption (e.g. most of them) provides zero defense
from an attacker inspecting and removing the passwords (either via running
script or forensic inspection)
4. Mobile phones are much more likely to be lost or stolen then laptop/desktop
computers which increases the risk of unencrypted stored passwords.
1. Master password (as discussed)
2. Default to not sync passwords to mobile devices at all
3. Idea #2 by default plus user option to enable password sync with a huge
warning message on the risk they're about to accept
We need to adopt some sort of solution to mitigate this risk before we launch
fennec with sync. Otherwise our users will be caught of guard by the large
security risk they've unknowingly assumed.I also fear we will receive
significant backlash from media/security/privacy groups. Mobile banking apps
are already receiving bad press for poor security practices on mobile devices
and hackers are definitely targeting mobile devices.