Saturday, July 4, 19:35
Home security WiFi Finder: Leak over 2 million Wi-Fi network passwords

WiFi Finder: Leak over 2 million Wi-Fi network passwords

The WiFi Finder, an Android application that is installed by more than 100.000 users in Google Play, has leaked over 2 million network passwords Wi-Fi.

Although the application is designed to detect and connect to public Wi-Fi hotspots near the user, it also has a feature that allows users to share them hotspots that they find with others. Here are the problems of security and privacy.

To make it easier for users not only to identify and connect to the nearest Wi-Fi hotspot, the WiFi Finder includes a feature that allows users to load network passwords.

The app, which appears to be of Chinese origin, encourages users to share this information and become a member of a Wi-Fi community. App description, which is still available for download from Google Play, asks users to "be social and share the Wi-Fi hotspots."

According to security researcher Sanyam Jain, a member of the GDI Foundation, the database resulting from these transplants was "open and unprotected, allowing anyone to access and download the content. "

What information has been exposed?

The exposed database did not contain contact information with the Wi-Fi network owners whose data was included, but it included Wi-Fi network names, exact geographic location and passwords stored in simple text. The worst case scenario is that although the application developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks.

What does this mean?

There seem to be three main issues here:

  • Users have accidentally uploaded their own Wi-Fi network passwords, prompted by the "share Wi-Fi" message in the app.

Application developers have failed to secure the database where all of this data is stored and failed to meet basic security rules, such as never storing unencrypted passwords.

  • Because the application does not distinguish between public access points and home Wi-Fi networks, the latter are vulnerable to a possible hacking attack.

It should be noted that while there is the possibility of an attack, there are no indications of violated systems in this case. The database is now offline

What should you do now?

If you have not downloaded and installed the WiFI Finder, there is no real reason to worry. There is only cause for concern if you share your information Wi-Fi using the send function in the community. If you have, then you need to change your Wi-Fi password immediately. In general, this incident should be seen as a warning about why downloading applications from unknown and therefore unreliable developers is dangerous.


Please enter your comment!
Please enter your name here


COVID-19: New research looks for antibodies in blood donors

The American Red Cross is examining the blood that has come from donations, and is looking for COVID-19 antibodies that will give it ...

Digital Transformation and Business: What Does Its Failure Mean?

Digital transformation is usually a way for businesses to outperform their competitors and get rid of methods that ...

Covaxin: India releases COVID-19 vaccine in August

The whole planet is waiting for the release of the vaccine for coronavirus, while clinical trials have begun in many countries around the world ....

iOS 13.5.1: iPhone users report battery issues

Have you noticed any changes to your iPhone lately? Maybe, for example, the battery runs out quickly ...

Avaddon ransomware: Attacks through Excel 4.0 macros

Microsoft announced yesterday that Avaddon ransomware spread this week through an old technique that came to the fore again. The...

Apple: Prohibits updating Chinese Apps without permission

Apple is banning developers from updating existing apps in China's App Store if they don't have government approval.

Australia: Thousands of MyGov accounts are sold on the Dark Web

Access to more than 3600 MyGov accounts is being sold on the dark web, potentially exposing thousands of Australians to fraud and identity theft.

Party Time: Watch TV with your friends online

Party Time: Watch TV with your friends on the internet Time for a different party than you are used to, watching your favorite ...

CISA and FBI warn businesses of Tor's risks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to businesses regarding ...

openSUSE: The new Leap 15.2 hard drive has been released

Recently, the next stable version of the openSUSE operating system was released. According to the development team of the operating system, ...