A popular hotspot finder app that helps users find nearby Wi-Fi hotspot has exposed the passwords of over two million wireless networks.
The app, which is called Wi-Fi Finder, allows users to upload Wi-Fi network passwords from their devices to the app’s database so that they can share their network with others.
Wi-Fi network passwords
However, it appears that over two million Wi-Fi network passwords were left unsecured and unencrypted, allowing anyone to download and access the database.
The database was first discovered by Sanyam Jain, a security researcher and a member of the GDI Foundation, according to TechCrunch.
Both Jain and TechCrunch attempted to contact the Chinese company that created the app but were unsuccessful.
They eventually got in to touch with DigitalOcean, the host of the unprotected database, who managed to take down the database within 24 hours.
“We notified the user and have taken the [server] hosting the exposed database offline,” a spokesperson told TechCrunch.
Home Wi-Fi networks
The developer claims that the app only provides passwords for public hotspots, however, when analysed, the data showed countless home Wi-Fi networks.
TechCrunch found out that the exposed database contains “contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist.”
The app doesn’t require users to obtain permission from the network owner, exposing Wi-Fi networks to unauthorised access. With access to a network, hackers may be able to modify your router settings, read unencrypted traffic on your network, and change DNS servers.