According to reports, a public hotspot finder app called WiFi Finder has exposed the passwords of around two million WiFi networks in the United States. The app was reportedly developed by Proofusion, a firm based in China.
Sanyam Jain, a security researcher and GDI Foundation member, discovered the database containing tens of thousands of network passwords. If that’s not bad enough, the database also includes other sensitive information like network SSIDs and their precise geolocations.
Jain reported his discovery to TechCrunch, which in turn tried to get in touch with the developer of the app. For two weeks, they attempted to contact Proofusion to report their findings, but they received no response from the company.
As a final resort, Jain and TechCrunch reached out to the database’s host, DigitalOcean, which immediately took down the database upon learning of the situation.
The WiFi Finder App
WiFi Finder was a mobile app intended to search for hotspots in public areas. The idea behind the app is to help people quickly locate free public WiFi hotspots wherever they are. It is not supposed to collect private data from private WiFi networks in residential areas.
According to the app’s developer, WiFi Finder should only provide passwords for public WiFi networks. However, Jain’s review of the app showed it collects data from various WiFi networks, including private networks. The database, fortunately, doesn’t contain the personal information of WiFi network owners.
The app works by allowing users to upload passwords of WiFi networks from their devices so others can use them. Brandon Hill, a security expert from HotHardware, was particularly alarmed by the geolocation data of networks exposed in the incident. He said:
“With geolocation data of home networks, passwords and SSID information, it would be trivial for attackers to use this information to gain unauthorized access.”
The information included in the database could be used by attackers to manipulate the router settings of the WiFi networks, intercept any login attempts, control smart home devices like security cameras and locks connected to the WiFi, or spread malware across the network.