Jump to content

A hotspot finder app exposed 2 million Wi-Fi network passwords


tacobell fan

Recommended Posts

wifi.jpg?w=1390&crop=1

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.

“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.

Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

Although the app developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks. The exposed data didn’t include contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist.

The app doesn’t require users to obtain the permission from the network owner, exposing Wi-Fi networks to unauthorized access. With access to a network, an attacker may be able to modify router settings to point unsuspecting users to malicious websites by changing the DNS server, a vital system used to convert web addresses into the IP addresses used to locate web servers on the internet. When on a network, an attacker also can read the unencrypted traffic that goes across the wireless network, allowing them to steal passwords and secrets.

Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.

Link to comment
Share on other sites

Just now, tacobell fan said:

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

Desi's ani eppudu dobbutaru ga, chudandi 

Link to comment
Share on other sites

Just now, tacobell fan said:

Desi's ani eppudu dobbutaru ga, chudandi 

Oka manchi desi ni chupinchi, andaru inthe antunnav ga bro..wapo gadu Tesla ni chupinchi h1b bots andaru inthe annattu..ma caste vallandaram oppukom nuvvu cheppevi

Link to comment
Share on other sites

1 minute ago, LastManStanding said:

Ashley Madison data leak ainappudu kuda intha badha padi undaru janam

browsing history chusthe daduchukoni chastaru ani bayou bro crowd ki

Link to comment
Share on other sites

Kaani adhi thappu kadaa annaai nen oka router koni nelaki 600 bill kaduthunte Vere vaadu naa password dobbesi naa data denkeyyadam maha aparaadham kada table fan annaai

Link to comment
Share on other sites

18 minutes ago, aakathaai123 said:

Kaani adhi thappu kadaa annaai nen oka router koni nelaki 600 bill kaduthunte Vere vaadu naa password dobbesi naa data denkeyyadam maha aparaadham kada table fan annaai

Hotspot finder app adi chesindhi not router. Router lo password change chesaka no one can get-in unless you do hard reset which is only available on your router itself. Two factor authentication pettukunedhi andhuke

Link to comment
Share on other sites

Just now, tacobell fan said:

browsing history chusthe daduchukoni chastaru ani bayou bro crowd ki

True bro. Na browser history bayataki vaste na wife 211-divorce ki call chestadi

Link to comment
Share on other sites

Just now, tacobell fan said:

Hotspot finder app adi chesindhi not router. Router lo password change chesaka no one can get-in unless you do hard reset with is only available on your router itself. Two factor authentication pettukunedhi andhuke

Ide example..niku chudu enni teluso..naku password and router tappithe em aramkala....peta lo ne oka genius and oka dummy unnam..India lo inka entha mando

Link to comment
Share on other sites

1 minute ago, tacobell fan said:

He is a vet. So don't ask these questions.

Lol bro

2 minutes ago, Sucker said:

Baa house theesi neeku acc vunda dantlo _-_

Undedhi bro naku pelli kakamundu..oka nallame tho chala sarlu poya bayataki and oka maccu pori tho kuda..inkosari okati tagilindi, date ki poyaka..are u a doctor? I know Indians are rich..can u be my sugar daddy anindi..rate cheppu anna..every sunday $1k and lingerie shopping cheyiste chalu anindi..mundu ivala night motel ki podam..I should know what am getting into ani..pani chesi, oka forn tiskoni..repu evening 6 ki ready undi malla ki podam lingerie shopping ki ani cheppi..5:55 ki block chesi para10ga..adhi dani yeshalu.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...