'WiFi Finder' app left over 2 million network passwords exposed

Cal Jeffrey

Facepalm: Nothing is more useful to a traveler than an app that can point out local public hotspots. However, a popular and well-reviewed hotspot finder for Android left the passwords of over two million routers, including home networks, exposed on the internet in plaintext.

The app, simply named “WiFi Finder,” searches for nearby hotspots. Users could upload public hotspots or even their own router passwords to the app’s database to allow other users to find and access them.

However, the app’s database was left wide open on the internet. The credentials of over two million networks were unsecured and unencrypted for an unknown length of time.

Security researcher Sanyam Jain of the GDI Foundation told TechCrunch that the data was easily accessible for anyone to download. The records contained the WiFi network name, geolocation, its basic service set identifier (BSSID), and the network password stored in plaintext.

TechCrunch tried reaching Proofusion, the Chinese developer of the app, but received no response. It then contacted DigitalOcean, the company hosting the app’s database. The database was taken down within 24 hours.

“We notified the user [Proofusion] and have taken the [server] hosting the exposed database offline,” said a spokesperson for DigitalOcean.

The developer claims that the app only provides passwords for “public hotspots.” However, when analyzed, the exposed data contained many home networks.

Indeed, even in the app’s description, it advertises, “Share your network,” and “Be social and share your Wi-Fi hotspots. Add your Wi-Fi network and update.”

With the database taken down, the app may not be functioning properly now. It is unclear if Proofusion will address the problem.

 
Lol... that was the entire point of the app!! Encrypting the list would have defeated the purpose of it!

These apps (there are tons) all seek to provide the user free wi-fi in as many locations as possible. If you disagree with this principle, then this app isn't for you in the first place.

What's more unsettling is the willingness of people to share their router login/pass with ANY app... but hey, I suppose some people are just really generous...
 
Why use a separate app for finding wifi hotspots, when the phone can list available detected wifi in the built-in wifi menu?
 