Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Privacy Wireless Networking

WiFi Finder, a Popular Hotspot Finder App, Exposed 2 Million Wi-Fi Network Passwords (techcrunch.com) 31

Posted by msmash from the security-woes dept.
A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. From a report: The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk. Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch. We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out. "We notified the user and have taken the [server] hosting the exposed database offline," a spokesperson told TechCrunch.
This discussion has been archived. No new comments can be posted.

WiFi Finder, a Popular Hotspot Finder App, Exposed 2 Million Wi-Fi Network Passwords More

WiFi Finder, a Popular Hotspot Finder App, Exposed 2 Million Wi-Fi Network Passwords

Comments Filter:

  • Data breach isn't even the problem (Score:5, Insightful)

    by omnichad ( 1198475 ) on Monday April 22, 2019 @11:50AM (#58472028) Homepage

    This is no breach. It's publicly shared passwords being shared...publicly. Anyone who shared their password with this service should assume no security in the first place - it was kind of the point. No one should have.

    • The only use for this app was if you don't want to be bothered to read the password posted in, say, a Cafe that offers free wifi to it's own customers. Or you want to use that Cafe's wifi from outside the cafe but you aren't a customer so you don't know the password, but someone shared/leaked it for you on this app.

      Looks like an app for freeloaders.

    • Re:Data breach isn't even the problem (Score:4, Interesting)

      by RobinH ( 124750 ) on Monday April 22, 2019 @12:22PM (#58472190) Homepage
      The summary says "The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use." (Emphasis mine.) That's a little ambiguous. I don't think it means your router, I think it means from your phone. I have a feeling the main use was to upload passwords for free WiFi hotspots, such as in cafes, restaurants, small businesses, or maybe in their friends' houses, so people out in the parking lot or on the street could use it. Technically the non-paying customer would likely not be complying with the T.O.S. etc., and in any case I can't think of a very good legitimate use case. The worst case would be if it uploaded your friend's home WiFi password that they gave you in confidence, and then your neighbor could use your WiFi. Not cool.
    • The whole point of putting a password on a WiFi network is to prevent just anyone from using it. The WiFi owner wanted to restrict access to just a few select people he shared passwords with. If he wanted anyone to be able to use his WiFi, he wouldn't have put a password on it, he would have made it an open hotspot. So the sole purpose of the app is to contravene the wishes of WiFi owners.

      Password-sharing like this will just drive places offering free WiFi to customers to discontinue it (e.g. hotels)

      • I remember when wifi first came out, a minority of the technical people wanted per-user tokens. And for years, many coffee shops and deli-style restaurants printed a wifi code on the receipt. Eventually routers came with better firewalls, certain types of abuse went down, and they just started posting passwords.

        Hotels might just start rotating the password. I have definitely been to hotels where the printed materials directed me to discover the wifi password in the front lobby, and it was something with a n

  • Voluntarily-shared passwords shared, news at 11 (Score:3)

    by JoeyRox ( 2711699 ) on Monday April 22, 2019 @11:53AM (#58472042)
    In other news, McDonald's hamburgers are awful.

  • So? Where's the contradiction? (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Monday April 22, 2019 @11:54AM (#58472050)

    The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

    People download an app to share their passwords with everybody, and then someone gets their pants in a knot because the passwords are available to everybody? What's the problem?

    • Re: (Score:2)

      by Cederic ( 9623 )

      One person sharing their password: Idiot.

      Someone collecting two million passwords from idiots and providing them in a searchable database: Serious data breach.

      That's the problem.

  • ... enters passwords into a random app anymore?

  • "The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use"

    I guess "others" did use them. In bulk.

  • Microsoft Files Patent Infringement Suit Against WiFi Finder. "We had this colossally stupid idea first," [slashdot.org] says Microsoft spokespern.

Slashdot Top Deals

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Close