

Another day, another breach, this time from a popular WiFi hotspot finder app. The Android app in question, WiFi Finder, leaked over two million network passwords by leaving its database unprotected.

The handy app lets users search for WiFi networks in their local area, and then connect to those it already has credentials for in its database. The app also invites users to share their WiFi hotspot passwords, and then uploads the WiFi credentials stored on their devices to the central database. That means that home network passwords were also grabbed off devices, making the leaking of the passwords pretty serious indeed.

The app developer only mentions that the app provides passwords for public hotspots, but TechCrunch found that wasn’t the case – “countless home WiFi networks” were among the passwords in the database. As all the networks in the database included geolocation data, overlaying that with a map showed so-called public hotspots in heavily residential areas, or where no businesses existed. With over 100k downloads according to the Google Play Store, that could mean that anywhere up to that number of home networks were leaked by the unsecured database.

TechCrunch tried to contact the developer to rectify the situation, and when that failed, reached out to the hosting provider, DigitalOcean, which took down the database.

The app also doesn’t ask for permission from the network owner, making a mockery of WiFi security. If an attacker used the app to get onto your home network, they could carry out all kinds of malicious activity against your data, including reading unencrypted traffic that might contain other passwords.
