A popular Android application for finding public Wi-Fi hotspots exposed the passwords of over 2 million networks worldwide.
The app is called WiFi Finder and tracks nearby networks to connect to. With the platform, users can upload the Wi-Fi passwords stored on their devices to a database so that other users who want to connect to the network in question can use those credentials.
The problem is that these passwords were left unprotected, as reported by TechCrunch. Sanyam Jain, a security researcher and member of the GDI Foundation, reported the case by contacting the portal and providing all the information.
TechCrunch tried to reach the developer, who is based in China, but says it did not succeed. It was, however, able to reach the service's host, Digital Ocean, which removed the database.
Each record contained the name, geolocation, basic service set identifier (BSSID), and access password of the Wi-Fi network in clear text; that is, unencrypted.
The app says it only provides access to public networks. However, according to the analyzed data, it also held information about personal Wi-Fi networks. The names of the access point owners do not appear in the records, but the exact location of each network is visible, so a wireless connection can be traced to a home or commercial office.
This puts users' privacy and device security at risk. With this information, an attacker can modify the configuration of a router to redirect traffic to malicious web pages.
Dangers of public Wi-Fi networks
Beyond this particular case, connecting to a public Wi-Fi network is always dangerous, because the user can fall victim to a "man in the middle" attack, so called because someone gets in between the user and the site the user is connected to.
If the site or network is not adequately protected, an attacker can steal information and data without the victim knowing. Therefore, we do not recommend connecting to a public Wi-Fi network, and we recommend that you do not enter confidential data on one.
On the other hand, it is always advisable to keep the device's operating system updated, install a security solution, and enable two-factor authentication on e-mail and social network accounts.
In other words, even if an attacker has the password, they cannot get into the platform because it requires a second verification method: for example, another code sent to the user via SMS or generated by an authentication app.