SoylentNews is people

posted by Fnord666 on Wednesday April 24 2019, @08:23AM
from the definitely-a-hot-spot dept.

Submitted via IRC for Bytram

A hotspot finder app exposed 2 million Wi-Fi network passwords – TechCrunch

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks.

The app, downloaded by thousands of users [Ed: link appears to have been removed], allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.

That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk.

Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch.

We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out.

“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.

Each record contained the Wi-Fi network name, its precise geolocation, its basic service set identifier (BSSID) and network password stored in plaintext.

[...] Tens of thousands of the exposed Wi-Fi passwords are for networks based in the U.S.


  • (Score: 2) by janrinok on Wednesday April 24 2019, @05:49PM (4 children)

    by janrinok (52) Subscriber Badge on Wednesday April 24 2019, @05:49PM (#834426) Journal

    I'm not sure if the uploading of data to the cloud was meant to be known, or whether the intention was to limit it to retrieving data that an individual had uploaded personally. This could either have been an attempt to gather router passwords for purposes that can only be guessed at, or it was simply poorly written software without thought to the security of the data collected.

    The database has now been shut down and the app withdrawn, which is unfortunate in some ways. How will anyone know if their router has been compromised and thus should change their passwords? As ever, play safe and change it anyway.

  • (Score: 2) by DannyB on Wednesday April 24 2019, @06:32PM (2 children)

    by DannyB (5839) Subscriber Badge on Wednesday April 24 2019, @06:32PM (#834448) Journal

    I agree with your other posts here that the WiFi passwords were intended to be used only by the people they were issued to. They didn't expect those people to share them. If the WiFi had been intended to be used by all, it wouldn't have had a password. Example: a hotel WiFi.

    You point out a bigger implication I hadn't even thought of. How are all of the WiFi owners whose passwords appeared in this database to be made aware of this? They have no idea they might need to change their password.

    If this database had not been publicly exposed, those WiFi owners might never have realized they are getting increased use of their WiFi from non-customers. Not everyone will have a sophisticated enough system to issue unique passwords to each customer that are good for X number of days.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @07:13PM

      by Anonymous Coward on Wednesday April 24 2019, @07:13PM (#834460)

      You can change a password before it is compromised.

    • (Score: 2) by kazzie on Wednesday April 24 2019, @10:28PM

      by kazzie (5309) Subscriber Badge on Wednesday April 24 2019, @10:28PM (#834531)

      If the WiFi had been intended to be used by all, it wouldn't have had a password. Example: a hotel WiFi.

      Many small hotels and coffee shops set a password on their "free" wifi, then post said password on the wall for all their customers to read and use.
      (It's to discourage passers-by from lingering in the street to get free internet access, I guess.)

  • (Score: 0) by Anonymous Coward on Wednesday April 24 2019, @07:16PM

    by Anonymous Coward on Wednesday April 24 2019, @07:16PM (#834462)

    I think it sounds like a great App. A BugMeNot for wifi.