Searching for a reliable hotspot can be the most challenging task when you are out and about. “WiFi Finder” an Android App which was downloaded by more than 500 thousand users was intended to make the process a walk in the park. By simply launching the app users were able to find Wi-Fi hotspot on a map by fastest network speed.
However, the popular app ended up exposing over two million networks stored on an unsecured database server, reported by TechCrunch. Sanyam Jain, a security researcher and member of GDI Foundation discovered the exposed database available for download.
“Many users think that passwords are the most important features of a Wi-Fi Database. Much more import is information about connection quality and internet speed.”App description as it appears on Play store.
‘Wifi Finder” which is developed by “Internet Speed, Etrality” on play store is used by travelers and locals to find open networks to connect to. Unfortunately, the developers did not take preventive measures to safely store two million network password. Consequently, the data exposed included Wifi network name (SSID), precise Geolocation, basic service set identifier (BSSID) and passwords which were stored in plain-text.
‘Wifi Finder” which is developed by “Internet Speed, Etrality” on play store is used by travelers and users to find open networks to connect to. The app stored over two million network passwords on the unsecured database server which exposed Wifi network name (SSID), precise Geolocation, basic service set identifier (BSSID) and passwords which were painfully stored in plain-text.
It was claimed by the developer that the app only shared public hotspots but in fact, the database exposed revealed a different story. By analyzing the Geolocation data it was confirmed that 10,000 networks were of the private home networks.
There were people warning against downloading such an app because allowing random people to access your personal WiFi network can open your network to a wide array of problems. Your web activity on the network can be monitored, users can surf illegal website bringing legal problems to you.