Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday April 24 2019, @08:23AM   Printer-friendly
from the definitely-a-hot-spot dept.

Submitted via IRC for Bytram

A hotspot finder app exposed 2 million Wi-Fi network passwords – TechCrunch

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users [Ed: link appears to have been removed], allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.

“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.

Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

[...] Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Funny) by Anonymous Coward on Wednesday April 24 2019, @09:55AM

    by Anonymous Coward on Wednesday April 24 2019, @09:55AM (#834274)

    Users: Security is too hard. Make it easier to find free WiFi!
    App developers: DONE! Your passwords are now shared with everyone!

    You forget,

    3. scanner find database online
    4. "security expert" informs developer no shared password used to access DB
    5. dev confused because data is public anyway by #1/#2
    6. clueless make headlines and shutdown app
    7. #1 users "OMG"

    Starting Score:    0  points
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  

    Total Score:   2