1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

'WiFi Finder' app left over 2 million network passwords exposed

By Cal Jeffrey · 7 replies
Apr 22, 2019
Post New Reply
  1. The app simply named “WiFi Finder” searches for nearby hotspots. Users could upload public hotspots or even their own router passwords to the app’s database to allow other users to find and access them.

    However, the app’s database was left wide open on the internet. The credentials of over two million networks were unsecured and unencrypted for an unknown length of time.

    Security researcher Sanyam Jain of the GDI Foundation told TechCrunch that the data was easily accessible for anyone to download. The records contained the WiFi network name, geolocation, its basic service set identifier (BSSID), and the network password stored in plaintext.

    “We notified the user and have taken the [server] hosting the exposed database offline.”

    TechCrunch tried reaching Proofusion, the Chinese developer of the app but received no response. It then contacted DigitalOcean, the company hosting the app’s database. It was taken down within 24 hours.

    “We notified the user [Proofusion] and have taken the [server] hosting the exposed database offline,” said a spokesperson for DigitalOcean.

    The developer claims that the app only provides passwords for “public hotspots.” However, when analyzed, the exposed data contained many home networks.

    Indeed, even in the app’s description, it advertises, “Share your network,” and “Be social and share your Wi-Fi hotspots. Add your Wi-Fi network and update.”

    With the database taken down, the app may not be functioning properly now. It is unclear if Proofusion will address the problem.

    Permalink to story.

     
  2. Squid Surprise

    Squid Surprise TS Evangelist Posts: 2,450   +1,448

    Lol... that was the entire point of the app!! Encrypting the list would have defeated the purpose of it!

    These apps (there are tons) all seek to provide the user free wi-fi in as many locations as possible. If you disagree with this principle, then this app isn't for you in the first place.

    What's more unsettling is the willingness of people to share their router login/pass with ANY app... but hey, I suppose some people are just really generous...
     
    Clamyboy74 likes this.
  3. netman

    netman TS Addict Posts: 251   +73

    Glad not using Android!
     
  4. amghwk

    amghwk TS Guru Posts: 491   +304

    Why use a separate app for finding wifi hotspots, when the phone can list available detected wifi in-built in wifi menu?
     
  5. Squid Surprise

    Squid Surprise TS Evangelist Posts: 2,450   +1,448

    Because the app also gives the passwords... your phone just lists the hotspot names...
     
  6. fktech

    fktech TS Maniac Posts: 512   +128

    Never secure enough.
     
  7. kenc1101

    kenc1101 TS Member Posts: 22   +22

    It's not an Android problem.
     
    mbrowne5061 and Squid Surprise like this.
  8. jobeard

    jobeard TS Ambassador Posts: 12,754   +1,490

    IMO, they don't understand the consequences
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...