Technology 2 min read

WiFi Finder App Exposes Passwords of 2 Million WiFi Networks

Pasko Maksim / Shutterstock.com

Pasko Maksim / Shutterstock.com

According to reports, a public hotspot finder app called WiFi Finder has exposed the password of around two million WiFi networks in the United States. The app was reportedly developed by Proofusion, a firm based in China.

Sanyam Jain, a security researcher and GDI Foundation member, discovered the database containing tens of thousands of network passwords. If that’s not bad enough, the database also includes other sensitive information like network SSIDs and their precise geolocations.

Jain reported his discovery to TechCrunch who in turn tried to get in touch with the developer of the app. For two weeks, they attempted to contact Proofusion to report their findings, but they received no response from the company.

As a final resort, Jain and TechCrunch reached out to the database’s host DigitalOcean who immediately took down the database upon learning of the situation.

The WiFi Finder App

WiFi Finder was a mobile app intended to search for hotspots in public areas. The idea behind the app is to help people quickly locate free public WiFi hotspots wherever they are. It is not supposed to collect private data from private WiFi networks in residential areas.

According to the app’s developer, WiFi Finder should only provide passwords for public WiFi networks. However, Jain’s review of the app showed it collects data from various WiFi networks, including private networks. The database, fortunately, doesn’t contain the personal information of WiFi network owners.

The app works by allowing users to upload passwords of WiFi networks from their devices so others can use them. Brandon Hill, a security expert from HotHardware, was particularly alarmed by the geolocation data of networks exposed in the incident. He said:

“With geolocation data of home networks, passwords and SSID information, it would be trivial for attackers to use this information to gain unauthorized access.”

The information included in the database could be used by attackers to manipulate the router settings of the WiFi networks, intercept any login attempts, control smart home devices like security cameras and locks connected to the WiFi, or spread malware across the network.

Read More: Security Researchers Find WPA3 Vulnerabilities

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Chelle Fuertes know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.

Comments (0)
Most Recent most recent
You
117
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.