If you use Google Music, you should be aware that the downloads coming from Google are not secure and could be sniffed out by those on your local network. While not the largest breach of security in Google’s history, it is quite surprising that Google would not use a secure protocol to transfer the content.
The issue is that Google Music does utilize HTTPS while browsing the store, but when it comes to downloading the music, Google uses HTTP, instead of HTTPS. The S denotes the use of SSL, which is a security mechanism for safely transporting content between two points.
The absence of HTTPS in file transfers means that anyone on your local network could easily identify the music you are downloading or even steal the files too. Sure, this isn’t going to ruin you financially but the fact it can be done easily is a bit alarming. More so, if you had private audio files stored on Google Music, they could be intercepted too.
In the image above, you can see that a file is being downloaded from Google Music and using Wireshark, the file was intercepted during transmission. You can also see that Google is using HTTP to transfer the music in the WireShark screenshot.
It’s a little flaw for the music store and if you use Google Music and don’t want your friends to know of your endless love for Justin Bieber, you might want to consider switching music services.
Thanks for the tip Artem S. Tashkinov
34 Comments - Add comment