WiFi Finder App Leaks Two Million WLAN Passwords

An unprotected database of an Android app reveals the access data of two million WLANs. Users of the app should only be able to connect to public hotspots in an uncomplicated way, but the database also contains access data for many private Wi-Fis.

Although the app developer claims the app only provides passwords for public hotspots, a review of the data showed countless home Wi-Fi networks. The exposed data didn’t include contact information for any of the Wi-Fi network owners, but the geolocation of each Wi-Fi network correlated on a map often included networks in wholly residential areas or where no discernible businesses exist.

https://techcrunch.com/2019/04/22/hotspot-password-leak/

#Android #App #Databreach #WIFI
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

OpenWrt (OPEN Wireless RouTer)

Open source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.

Supported devices
https://openwrt.org/supported_devices

Documentation
https://openwrt.org/docs/start

FAQ
https://openwrt.org/tag/faq

Forum
https://forum.openwrt.org


OpenWrt 19.07
The OpenWrt Community is proud to present the OpenWrt 19.07 stable version series. It is the successor of the previous 18.06 stable major release.

The OpenWrt 19.07 series focuses on bringing all supported targets to Linux kernel version 4.14 and introducing initial device tree based ath79 support.

All firmware images
https://downloads.openwrt.org/releases/19.07.0/targets

Release Notes
https://openwrt.org/releases/19.07/notes-19.07.0

Detailed Changelog
https://openwrt.org/releases/19.07/changelog-19.07.0

Browse Source
https://git.openwrt.org/?p=openwrt/openwrt.git;a=shortlog;h=refs/tags/v19.07.0


📡 @NoGoolag 📡 @Libreware
#openwrt #router #wifi #alternatives #linux

https://nitter.net/Snowden/status/1175430722733129729

#snowden #phone #mobile #Android #mic #wifi

Kr00k vuln in WiFi chips that allows unauthorized decryption of traffic

https://www.eset.com/int/kr00k

Comments: https://news.ycombinator.com/item?id=22425615

#kr00k #wifi #wpa2 #vulnerability

French bar owners arrested for offering free WiFi but not keeping logs

https://www.cozyit.com/french-bar-owners-arrested-for-offering-free-wifi-but-not-keeping-logs

Archived: https://web.archive.org/web/20201004233849/https://www.cozyit.com/french-bar-owners-arrested-for-offering-free-wifi-but-not-keeping-logs/

Comments
https://news.ycombinator.com/item?id=24678702


#france #bar #wifi #logs

Wi-Fi devices set to become object sensors by 2024 under planned 802.11bf standard

Security and privacy still left to fix, preferably before launch

In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.

https://www.theregister.com/2021/03/31/wifi_devices_monitoring

#wifi #bf

How a 30-year-old technology – WiFi – will turn into our next big privacy problem

WiFi can be traced back to 1991, but it was in the late 1990s that the technology began to be taken up by the general public. Its success back then was by no means guaranteed. Although largely forgotten now, there was a rival approach called Home RF, which only gave up the fight in 2003 when it became clear that WiFi would become the standard for wireless local area networks (WLANs).

Since then, WiFi has become an increasingly important part of modern life, with hotels, restaurants and many other venues providing it for free as an expected part of their services. Over the years, the technology has improved, mostly in terms of speed and range. But there is a new iteration of the WiFi standard being developed that will have massive implications for privacy and surveillance. It goes by the unmemorable name of 802.11bf. Here’s how the IEEE, the organization that is drawing up the new standard, describes it:

"IEEE 802.11bf will enable stations to inform other stations of their WLAN sensing capabilities and request and set up transmissions that allow for WLAN sensing measurements to be performed, among other features. WLAN sensing makes use of received WLAN signals to detect features of an intended target in a given environment. The technology can measure range, velocity, and angular information; detect motion, presence, or proximity; detect objects, people, and animals; and be used in rooms, houses, cars, and enterprise environments."

The idea is simple. Radio waves are emitted from WiFi units that support the new 802.11bf, but not only to transfer data, as today. Instead, details of how those waves bounce off objects in their vicinity are gathered and analyzed to detect key features. Different uses are made possible by the availability of license-exempt frequency bands between 1 GHz and 7.125 GHz, and also above 45 GHz. The former will allow relatively large-scale motions to be detected – people or animals moving around, for example – and have the useful ability to pass through obstacles such as walls. The high frequencies, on the other hand, will have a shorter range, but be more precise: as well as gestures, it will be possible to track finer movements on a keyboard, for example. The two might be used in tandem, with the lower frequencies deployed to guide the tighter radio beam used with the higher frequencies.

https://www.privateinternetaccess.com/blog/how-a-30-year-old-technology-wifi-will-turn-into-our-next-big-privacy-problem/

#wifi #privacy #thinkabout
📡 @nogoolag 📡 @blackbox_archiv

WiFi devices going back to 1997 vulnerable to new Frag Attacks

https://therecord.media/wifi-devices-going-back-to-1997-vulnerable-to-new-frag-attacks/

A Belgian security researcher has discovered a series of vulnerabilities that impact the WiFi standard, with some bugs dating back as far back as 1997 and affecting devices sold for the past 24 years.

The vulnerabilities, known as Frag Attacks, allow an attacker within a device’s WiFi radio range to gather information about the owner and run malicious code to compromise a device, may it be a computer, smartphone, or other smart device.

Devices are also vulnerable even if the WiFi standard’s security protocols were activated, such as WEP and WPA.


#WiFi #vulnerability #frag

Holes in the WiFi

https://lwn.net/Articles/856044/

The discoverer of the KRACK attacks against WPA2 encryption in WiFi is back with a new set of flaws in the wireless-networking protocols. FragAttacks is a sizable group of WiFi vulnerabilities that (ab)use the fragmentation and aggregation (thus "Frag") features of the standard. The fixes have been coordinated over a nine-month period, which has allowed security researcher Mathy Vanhoef time to create multiple papers, some slide decks, a demo video, patches, and, of course, a web site and logo for the vulnerabilities.

Three of the vulnerabilities are design flaws in the WiFi standards, so they are likely present in all implementations, while the other nine are various implementation-specific problems. The design flaws may be more widespread, but they are much harder to exploit "because doing so requires user interaction or is only possible when using uncommon network settings". That means the real danger from FragAttacks lies in the programming errors in various WiFi implementations. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities."

In fact, in the FAQ section of the web site, Vanhoef offers to list any products that he can verify as not having been affected by the flaws described on the site. He also notes that even though the design flaws are difficult to exploit on their own, they can be combined with the other flaws found to make for a much more serious problem. "In other words, for some devices the impact is minor, while for others it's disastrous."
...

#wifi #hole #vulnerability

Assange once said, “A mobile phone is a tracking device that also makes calls”. He’s not wrong. There are countless ways that phones track our movements, and one of them is via WiFi probe requests.

In this video we explain how your phone automatically connects to your WiFi whenever you return home or to your favorite coffee shop, and why it leaves your device vulnerable to all kinds of attacks and surveillance -- it can allow people to maliciously intercept your internet traffic, track you, or find out personal information about you.

Main takeaways:
Turn your WiFi OFF when you're not using it
Don't automatically connect to WiFi networks
Forget networks after joining them
Keep your OS and device updated https://youtu.be/poaqwozBqHY

@GeopoliticsAndEmpire
#wifi #phone

Project INVICTUS: Inside the UK's Human Rights Busting Campaign to Spy on Refugees – Mint Press

The “full potential” could, Prevail declared, only be harnessed via a “GDPR exemption of some kind, as it is indiscriminate, passive collection against the general population.” By collecting targets’ Media Access Control (MAC) addresses, the company would be able to follow a “breadcrumb trail” of residual data they left while traveling through North West Europe.

This was achievable by conducting a “war drive” along those routes – identifying every vulnerable wireless network in these areas using a moving vehicle. Prevail noted such activity “would breach current permissions.” Indeed, the entire conspiracy constitutes an extraordinary infringement of British and European data protection standards and laws


#IMSIcatcher #IMSI #snooping #surveillance #wifi #wireless #EU #refugees #UK #GDPR
#PassiveDataCollection #Invictus #ProjectInvictus

0xor0ne@infosec.exchange - Nice project that collects the best Wi-Fi USB dongle with good Linux support
It contains a lot of up-to-date useful information

https://github.com/morrownr/USB-WiFi

#wireless #wifi #Linux #usbwifi

Snappy: A tool to detect rogue WiFi access points on open networks –

Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people.
Attackers can create fake access points in supermarkets, coffee shops, and malls that impersonate real ones already established at the location. This is done to trick users into connecting to the rogue access points and relay sensitive data through the attackers' devices.

#Cybersec #Python
#Wifi #RogueAccessPoints

#WiFi is part of the reason why they were able to get the poisons past the blood brain barrier…

#WiFi is part of the reason why they were able to get the poisons past the blood brain barrier…

⚡️Apple & Google WiFi Surveillance Can Track Death & Destruction
@takebackourtech

Chances are, if you’ve used Google Maps or Apple Maps, you’ve contributed to one of the biggest surveillance databases in the world.

Known for their accuracy, big tech maps can locate your phone within a few meters and even indoors.

No, these big tech maps aren’t using GPS - they’re using WPS or Wi-Fi positioning system.

These WPS systems collect millions of WiFi networks and tag them with locations.

Researchers in Maryland discovered through a flaw in Apple’s WPS that they could gather at least 2B (2 Billion) WiFi location points by requesting WiFi networks at random.

That’s enough points to cover the world’s populated areas, notably China was nearly empty except for a few thousand points. Looks like even the CCP can’t opt out of this surveillance.

We did the work for them.

When you use Google or Apple maps, your phone will send the nearby WiFi networks along with their signal strength to the WPS. The WPS will look up these networks in a database that has hundreds of millions of networks along with their location. The calculation is then performed on the server for Google location’s service, and on the phone for Apple location’s service - which sent a list of 400 additional WiFi points back.

And this is how you get a precise location for your phone. Any new WiFi networks you scanned are potentially added to the WPS databases.

Apple & Google have made their users the instrument of their surveillance.

And the things you can do with this surveillance are harrowing. The researchers were able to see how many WiFi access points went offline in Gaza due to the constant bombardment that caused the deaths of 40,000 civilians.

Similarly the researchers were able to see the damage from the August 2023 Maui fires, and the emigration of people from Ukraine to escape forced conscription.

Apple, Google and any organization they choose to share this WiFi data will have incredible capabilities. Don’t worry though - because these companies care so much about privacy - they give you a way to opt out.

Solutions

Add _nomap to the end of your WiFi SSID (name), Google and Apple promise not to index Wifi networks ending with those names.

Turn off your WiFi network and use ethernet cable.

Read primary source material here.

Get the latest updates on our mailing list: Above Phone

Above Book: Learn about our privacy laptop: https://abovephone.com/book

Above Suite: Use our privacy services: https://abovephone.com/suite

#TBOT #AbovePhone #WiFi #Surveillance #Big_Tech
—
https://takebackourtech.org
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER
Follow 🫶 @takebackourtech

New #WiFi Takeover Attack—All #Windows Users Warned To Upgrade To Linux Now

https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/