Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
CO-PRESENTED BY
Tech
»
1-min read

WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text

The data is reportedly offline now, but had previously left login credentials and geolocations of many private Wi-Fi networks online, without encryption.

News18.com

Updated:April 24, 2019, 11:03 AM IST
facebookTwittergoogleskypewhatsapp
WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text
WiFi Hotspot App Exposed Over Two Million Passwords in Plain Text (Getty Images)
A popular public Wi-Fi hotspot finder application had left its database of Wi-Fi network credentials, including geolocation and login credentials, connected to the internet, and without any form of protection. The issue, spotted by security researcher Sanyam Jain and reported by TechCrunch, has been seemingly resolved since brought to light, and the database host has taken down all the data in a bid to prevent a potential cyber catastrophe.

However, the latest incident marks a series of similar lapses in reasonable cyber security steps that are expected of services, with databases left online without any form of encryption, or even a password. The app in question is meant for sharing public Wi-Fi hotspots while users connect to it, and automatically uploads such passwords to an online database. However, while uploading public network credentials, the app also uploaded a large set of private network data, complete with login credentials and geolocation details to the server.

To make things worse, all of this, along with each network’s BSSID (basic service set identifier), which can be used to identify and track down a network, was uploaded online and stored in plain text, making it available for anyone to read. The security implications are ominous, for any user with malicious intent can tap into the data, modify router settings and redirect users into genuine-looking sites ridden with all forms of malware, which could in turn lead into phishing or ransomware attacks.

Thankfully, there were no private contact details included within the database. This marks yet another close shave in terms of severe personal data damage, and another win for white hat cyber security researchers in the endless saga of cyber warfare.
| Edited by: ---
Read full article
Next Story
Next Story

Also Watch

facebookTwittergoogleskypewhatsapp
 
 

Live TV

Countdown To Elections Results
  • 01 d
  • 12 h
  • 38 m
  • 09 s
To Assembly Elections 2018 Results