Ubuntu Linux WiFi Security: Canonical Combats Criticism

Criticism of Ubuntu Linux for storing WiFi network passwords in plaintext is unfair, since Canonical doesn't develop NetworkManager.

Christopher Tozzi, Contributing Editor

December 30, 2013

2 Min Read
Ubuntu Linux WiFi Security: Canonical Combats Criticism

It’s not even January 2014 yet, and already Canonical faces another media flare-up about its Ubuntu Linux operating system. But this time, the negative stories about the open source vendor — which critics accuse of storing WiFi passwords in an insecure way via NetworkManager — are not fair.

A few days ago, someone figured out that NetworkManager, the networking interface installed by default in Ubuntu and virtually every other major desktop Linux distribution, saves passwords for wireless networks in an unencrypted part of the file system. Now, the press is calling this “another potentially negative story about Ubuntu and Canonical,” and asking whether Ubuntu “goofed.”

To be sure, Canonical has made its share of poor PR decisions in recent years. From integrating Amazon.com search features into Ubuntu, to pushing drastically new interfaces into Ubuntu before they are ready for users (and users are ready for them), Canonical has sometimes displayed a tendency toward rash behavior — although it generally does a decent job of fixing its misteps sooner or later.

Don’t Blame Ubuntu

In this case, though, the password issue in NetworkManager is no fault of Canonical’s. The company doesn’t write that software; on the contrary, it’s part of GNOME, a project from which Ubuntu has grown increasingly distant in recent years. And there is no real alternative to NetworkManager, which is by far the most advanced and user-friendly networking interface available for Linux.

More importantly, the security concern with NetworkManager is not unique to Ubuntu. It affects all Linux distributions, as the media started noting after fingers were already pointing squarely at Canonical.

By the way, the fact that NetworkManager has been in widespread use on so many Linux platforms for over a half-decade, yet the password issue came to light only now, makes one wonder how crucially serious the vulnerability really is. Aren’t there much more important passwords to protect than those for wireless networks that users probably already know, since they’ve connected to the networks in the past? Sure, on multi-user systems, this information could be exploited in nasty ways, especially in enterprise settings where a particular user’s WPA password might also be used for other resources. But it’s hard to envision this being a huge problem for most users.

So on this occasion, Canonical deserves a break. There are plenty of valid criticisms of decisions made by the developers of Ubuntu — as of any operating system — but this is not one.

Read more about:

AgentsMSPsVARs/SIs

About the Author

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like