A hotspot finder app exposed 2 million Wi-Fi network passwords

[tacobell fan]

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.

“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.

Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

Although the app developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks. The exposed data didn’t include contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist.

The app doesn’t require users to obtain the permission from the network owner, exposing Wi-Fi networks to unauthorized access. With access to a network, an attacker may be able to modify router settings to point unsuspecting users to malicious websites by changing the DNS server, a vital system used to convert web addresses into the IP addresses used to locate web servers on the internet. When on a network, an attacker also can read the unencrypted traffic that goes across the wireless network, allowing them to steal passwords and secrets.

Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.

[tacobell fan]

Just now, tacobell fan said:

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

Desi's ani eppudu dobbutaru ga, chudandi 

[LastManStanding]

Ashley Madison data leak ainappudu kuda intha badha padi undaru janam

[tacobell fan]

1 minute ago, LastManStanding said:

Ashley Madison data leak ainappudu kuda intha badha padi undaru janam

[LastManStanding]

Just now, tacobell fan said:

Desi's ani eppudu dobbutaru ga, chudandi 

Oka manchi desi ni chupinchi, andaru inthe antunnav ga bro..wapo gadu Tesla ni chupinchi h1b bots andaru inthe annattu..ma caste vallandaram oppukom nuvvu cheppevi

[tacobell fan]

1 minute ago, LastManStanding said:

Ashley Madison data leak ainappudu kuda intha badha padi undaru janam

browsing history chusthe daduchukoni chastaru ani bayou bro crowd ki

[aakathaai123]

Kaani adhi thappu kadaa annaai nen oka router koni nelaki 600 bill kaduthunte Vere vaadu naa password dobbesi naa data denkeyyadam maha aparaadham kada table fan annaai

[tacobell fan]

18 minutes ago, aakathaai123 said:

Kaani adhi thappu kadaa annaai nen oka router koni nelaki 600 bill kaduthunte Vere vaadu naa password dobbesi naa data denkeyyadam maha aparaadham kada table fan annaai

Hotspot finder app adi chesindhi not router. Router lo password change chesaka no one can get-in unless you do hard reset which is only available on your router itself. Two factor authentication pettukunedhi andhuke

[Sucker]

3 minutes ago, LastManStanding said:

Ashley Madison data leak ainappudu kuda intha badha padi undaru janam

Baa house theesi neeku acc vunda dantlo 

[LastManStanding]

Just now, tacobell fan said:

browsing history chusthe daduchukoni chastaru ani bayou bro crowd ki

True bro. Na browser history bayataki vaste na wife 211-divorce ki call chestadi

[tacobell fan]

Just now, Sucker said:

Baa house theesi neeku acc vunda dantlo 

He is a vet. So don't ask these questions.

[LastManStanding]

Just now, tacobell fan said:

Hotspot finder app adi chesindhi not router. Router lo password change chesaka no one can get-in unless you do hard reset with is only available on your router itself. Two factor authentication pettukunedhi andhuke

Ide example..niku chudu enni teluso..naku password and router tappithe em aramkala....peta lo ne oka genius and oka dummy unnam..India lo inka entha mando

[tacobell fan]

Just now, LastManStanding said:

True bro. Na browser history bayataki vaste na wife 211-divorce ki call chestadi

LOL

[ekunadam_enkanna]

there used to be a cloud cracker which lets you decrypt wpa2 passwords. Just upload the handshake, bam you get it in 24 hrs.

[LastManStanding]

1 minute ago, tacobell fan said:

He is a vet. So don't ask these questions.

Lol bro

2 minutes ago, Sucker said:

Baa house theesi neeku acc vunda dantlo 

Undedhi bro naku pelli kakamundu..oka nallame tho chala sarlu poya bayataki and oka maccu pori tho kuda..inkosari okati tagilindi, date ki poyaka..are u a doctor? I know Indians are rich..can u be my sugar daddy anindi..rate cheppu anna..every sunday $1k and lingerie shopping cheyiste chalu anindi..mundu ivala night motel ki podam..I should know what am getting into ani..pani chesi, oka forn tiskoni..repu evening 6 ki ready undi malla ki podam lingerie shopping ki ani cheppi..5:55 ki block chesi para10ga..adhi dani yeshalu.