The popular Android application "WiFi Finder" revealed the Wi-Fi passwords of more than two million networks. The database of the application did not have reliable protection, with the result that the passwords were freely available, writes TechCrunch.
WiFi Finder allows users to upload passwords from Wi-Fi networks to a special database that is accessible to other users. The application has been downloaded and used by thousands of Google Play users. Due to the lack of a reliable security system, attackers could download the entire password database at once, TechCrunch notes. The geography of “stolen data” access points is not specified.
An expert in cyber security, Saniyam Jane (Sanyam Jain) said that after the discovery of the database for two weeks trying to get a response from the developer, allegedly located in China. However, no reaction followed. Passwords could be erased only after contacting the company that stored the data on its server.
According to Jane, all data was stored in a plain text document. When studying the files, not only passwords from public networks were found, but also from many home Wi-Fi networks.
The attackers, using these applications, could get passwords from other user services, such as email and social networks, as well as change the settings so that users of the access point would go to phishing sites.
Earlier in the UK, the National Cyber Security Center ranked a frequently cracked internet user password. According to the results of their research, the most frequently used unreliable password was “123456”. It is used by 23.2 million Internet users in Britain.