WiFi Finder, a popular app for finding hotspots, recently exposed over 2 million passwords. The app's makers also failed to respond to public concerns about the exposure, despite repeated attempts by news agencies.
The app is well known for its ability to locate hotspots anywhere, and it also hosts a large public database of passwords for public networks. However, the database also contained several passwords, geolocation tags and other important information for home-based networks.
The app does enable users to upload their personal passwords to the database. Hence, it is not clear whether these passwords were made available to other users in accordance with the will of their owners. However, the app makers can still be in trouble, as the database remained unprotected, which shows an extremely laid-back attitude towards security.
After noticing the exposure, security researchers like Sanyam Jain contacted news agencies. Sanyam, who works for the GDI Foundation, requested that news agencies contact the app developer in China.
Despite several attempts to establish communication, there was no response from the app developers. Ultimately, DigitalOcean, the application's host, secured the database within a day of notice.
According to a DigitalOcean spokesperson, the company has notified the user of the breach and taken the database offline.
A Growing Ocean of Open Wi-Fi Networks Increases Risks
Each entry in the database contained the name of a Wi-Fi network, its basic service set identifier (BSSID), the network password stored in plaintext, and its geolocation.
These data points are highly sensitive, especially in the hands of hackers. Once exposed, this information provides a gateway for attackers to modify DNS settings and route users to malicious websites. Additionally, these unsecured networks can be a meal ticket for stealing data and passwords from unsuspecting swarms of users.
Tens of thousands of the data points leaked by the WiFi Finder app are from the U.S. For some of these naïve users, the coffee might not taste the same tomorrow morning.