Wi-Fi Finder app leaks more than 2 million passwords

Wi-Fi is like the keys to the universe these days. Many people even ask for the Wi-Fi password even before they’ve said hello. We all want it and we all need it, seemingly all the time. We need Wi-Fi so much that that there are a lot of apps out there, all designed to help us find it and connect to it. Unfortunately, not all these apps are as well made or secure as they should be and now it seems the inevitable has happened.

The app Wi-Fi Finder has leaked over 2,000,000 Wi-Fi passwords online

Wi-Fi Finder has been downloaded by over 100,000 people and has collected over 2 million passwords. The app is designed to help users locate public Wi-Fi spots and then, in some cases, provide the required login details to help them connect to the network.

The way the app collects passwords is by asking users to upload their password lists to the central server. Theoretically, this makes all of the Wi-Fi hotspots they’ve ever signed into available to all users of the app. The flipside of this, however, is that the app can’t differentiate between home Wi-Fi networks and public hotspots. This means it is highly likely that all users who’ve uploaded Wi-Fi security credentials to the app have unwittingly uploaded the security details of their home networks to the Wi-Fi Finder password list too.

It gets worse for Wi-Fi Finder users, of which there are tens of thousands in the U.S. , as the list of over 2 million Wi-Fi passwords has now been leaked online. As well as containing network names and passwords, the list also contains precise location data on where each network is. If you’ve uploaded passwords to that list, then not only is the name of your Wi-Fi network and the password needed to access it available online, but its exact location is available, too.

Potential issues that could arise from this kind of vulnerability include the spreading of malware across your home network and the takeover of smart devices like security cameras and AI augmented speakers. In practice, however, this type of action on a targeted and personal level would likely fall low on a list of priorities for a serious cyber-criminal or hacker.

The fact remains though. If you downloaded Wi-Fi Finder, you need to delete it and change your home Wi-Fi password immediately.

Unfortunately, downloading apps safely requires vigilance and awareness. To avoid this type of thing happening to you, you should always check the developer behind the app you’re looking to download and also go through the permissions the app is asking for. Wi-Fi Finder asked for a startling number of permissions including locations, full contact lists, and even the ability to read, modify, and delete data. Asking for too many permissions is a dead giveaway that an app shouldn’t be trusted.

For more information on how to avoid downloading disreputable apps check out our tutorial below.

How to detect fake apps in the Google Play Store in just 3 steps

Leave a Reply

Your email address will not be published. Required fields are marked *