
WiFi hotspot app exposed two million passwords in plaintext

A well-meaning app may have your WiFi password

MILLIONS OF home WiFi passwords have been leaked after being shared with an app designed to help people get online.

WiFi Finder only boasts 1,500 or so installs on the Google Play Store, but the developer, listed as Proofusion, has collated hundreds and thousands of other WiFi passwords.

The app is, as the name suggests, designed to make it easier to find WiFi hotspots in your area, but its utopian vision has gone completely Pete Tong following some research from the GDI Foundation for TechCrunch.

It found that the database of over two million passwords had been left on a cloud server, publicly available and completely unprotected, meaning that anyone who found it could easily download the whole shebang.

Despite repeated, failed attempts, the developer (Chinese – plus ça change) has not responded to questions on the matter, and in the end, the cloud host, DigitalOcean, agreed to take the database down unilaterally.

Every record contained not only the SSID for the network but also its password and exact location.

This brings into sharp focus what a hot mess this app actually is – a user could access the database and join the network without ever asking the owner’s permission.

Although the developer describes the app as being about public WiFi hotspots, the data clearly shows home networks too, and the mapping locations often show areas with no businesses. ‘Tens of thousands’ of the passwords are for US networks.

Once on a network, the sheer level of mischief that a hacker could cause is fairly obvious – not only stealing data but also changing settings, perhaps pointing the router at a different DNS server, which would allow them to slurp up future activity in real time.

At the time of writing, the app is still live on Google Play, though without its database, it’s likely to be a bit useless.

If you downloaded the app, we’d recommend changing your router password and checking your DNS settings are what you thought they were.

Like, now. Seriously. μ

Source : Inquirer
