Cyber forensics course specialists report that WiFi Finder developers, an app for Android operating system, have just leaked more than two million passwords of WiFi access points. According to reports, the exposed access codes are part of a recently discovered online unsecured database.
The app, in addition to helping users to find
WiFi hotspots, exposed the user names and passwords of the access points used
by the entire user set. According to cyber forensics course specialists, the
exposed database had over 2 million of user name/password sets for thousands of
access points across the United States.
The developers of WiFi Finder are of Chinese
origin and the application has more than 500,000 downloads. Among the filtered
information are not only public WiFi access points, as they have also exposed
multiple access credentials for WiFi signals for home use.
The leaked database contains information such
as:
- WiFi
network names - Accurate
network geolocation - BSSID
identifier - Network
passwords
Although the exposed database did not include
personal details of the owners of the home or business networks, the geolocation
function in the app could give evidence of the identity of the owners.
Cyber forensics course specialists from the
International Institute of Cyber Security (IICS) consider that this incident
not only leaves the users of these access points in a compromising situation,
but also poses a risk for the access points’ owners.
According to cyber security specialists, an
unsecured access point can be the starting point for deploying multiple cyber
attacks, as a hacker could easily access a router and modify its configuration
for malicious purposes.
It is well known that, most of the time,
administrators of WiFi access points (whether domestic, business or public
access) rarely implement security measures beyond the setting of a password to
protect themselves against attack variants such as the well-known Man-in-The-Middle
(MiTM) attack.
