App Exposes Wi-Fi Credentials for Thousands of Private Networks

  /     /     /  
Publicated : 23/11/2024   Category : security


App Exposes Wi-Fi Credentials for Thousands of Private Networks


A database used by WiFi Finder was left open and unprotected on the Internet.



For travelers, finding available Wi-Fi hotspots has become a task on the same level as finding public restrooms or drinkable coffee — one of the necessities of modern life. Travelers who turned to a free Android app called WiFi Finder might have found a convenient hotspot, but in doing so they potentially helped hackers find thousands of private wireless networks.
Security researcher Sanyam Jain found the database used by WiFi Finder was open to the Internet, unprotected by either authentication or encryption. Within that database were Wi-Fi network names, their precise geolocations, basic service set identifiers (BSSIDs), and network passwords for thousands of Wi-Fi networks, both public and private.
The same feature — allowing users to pull up login information for Wi-Fi hotspots — that provided login convenience for public networks created a huge security issue for home and private business networks.
The HotSpot finder app presumes their user has the authority to disclose potentially sensitive information and thus can consent to the app receiving and potentially storing that data, says Tim Mackey, senior technical evangelist at Synopsys. This then creates a situation where the threat model defined by the WiFi network owner might be insufficient.
The database has been taken offline by the hosting provider, but Mackey recommends that Wi-Fi network administrators change passwords. He also advises using this as a reminder that regular network monitoring and a process of password changes are reasonable security steps for any network.
Read more 
here
.
 
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
App Exposes Wi-Fi Credentials for Thousands of Private Networks