Novatel MiFi Mobile Hotspot security vulnerabilities uncovered?


Novatel’s MiFi Mobile Hotspot, sold by both Verizon Wireless and Sprint as the MiFi 2200, may have multiple security vulnerabilities that would allow a remote user to access the GPS location of your device and change the wireless settings of your MiFi, effectively terminating your internet connection and forcing you to reset your device back to factory settings. Adam Baldwin of nGenuity reportedly discovered gaping holes in the web interface for this mobile hotspot that can be exploited for the purposes above. The purported security holes include:

  • MiFi does not require a valid session to commit changes to its configuration settings
  • GPS can be enabled without the user’s knowledge by visiting a malicious website. The user may be presented with a “login required” request, but most users won’t bat an eye and will just click on through
  • The web interface does not protect against Cross-Site Request Forgery (CSRF), so a malicious website could “do evil things like change the wireless settings of the MiFi”
  • Certain portions of the web interface improperly encode data back to the user; an example is the key field for the Wi-Fi settings, which exposes the clear text of the field
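
The first, third and fourth items describe server-side checks that are missing. As an added illustration (not Novatel's firmware and not code from Baldwin's post), this sketch shows a settings handler that enforces them; the request dict, field names and the 192.0.2.1 origin are assumptions made for the example.

```python
import hashlib
import hmac
import html
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-boot secret known only to the admin UI
SESSIONS = set()                      # ids of authenticated admin sessions
ALLOWED = {"ssid", "wifi_key", "gps_enabled"}  # hypothetical setting names


def csrf_token(sid):
    # HMAC of the session id: a third-party page cannot compute or read it.
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def login():
    """Create an authenticated session; return (session id, CSRF token)."""
    sid = secrets.token_hex(16)
    SESSIONS.add(sid)
    return sid, csrf_token(sid)


def apply_settings(request, config, own_origin="http://192.0.2.1"):
    """Return (HTTP status, resulting config) for a settings-change request."""
    if request.get("method") != "POST":           # no state changes via GET
        return 405, config
    sid = request.get("cookie_sid")
    if sid not in SESSIONS:                       # valid session required
        return 401, config
    if request.get("origin") != own_origin:       # cross-site submission
        return 403, config
    form = request.get("form", {})
    sent = form.get("csrf", "")
    if not hmac.compare_digest(sent.encode(), csrf_token(sid).encode()):
        return 403, config                        # cookie alone is not enough
    updates = {k: v for k, v in form.items() if k in ALLOWED}
    return 200, {**config, **updates}


def render_wifi_form(config, sid):
    """Render the Wi-Fi form: escape echoed values, never echo the key."""
    return (
        '<input name="ssid" value="%s">'
        '<input type="password" name="wifi_key" value="">'
        '<input type="hidden" name="csrf" value="%s">'
        % (html.escape(config["ssid"]), csrf_token(sid))
    )
```

A forged cross-site form post still carries the victim's session cookie, which is why the handler also requires the per-session token and a matching origin.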

Baldwin posted a proof of concept video on his website and has reportedly contacted Novatel about the vulnerabilities. We have no way to confirm his findings but supposing they’re true, any MiFi users out there feel a little less safe today?

[Via Phone Arena]


18 Comments
  • James

    Now I am just glad that I don’t have one of these.

  • http://www.bgr.com Abercrombie & Fitch

    Wow, I rather go to a stackbucks to get internet connection on my Storm2 instead.

    • http://www.bgr.com Abercrombie & Fitch

      Correction: Wow, I rather go to Starbucks to get an internet connection on my HP laptop or on my Storm2 when I decide to go get me a good brewed iced coffee with my sugar cookies lol.

      • Carmen

        Why do people hate on so much shit? Live your life, bro.

  • http://www.bgr.com Abercrombie & Fitch

    Really? So will this happen to the Pre Plus too, since it will have a built-in hot spot MiFi thingy?

  • http://andyet.net Adam Brault

    Ha! Why the question mark in the headline?

    Most certainly Mr. Baldwin uncovered and demonstrated security vulnerabilities in the MiFi device.

    • http://www.bgr.com Kelly Hodgkins

      Though what he says sounds reasonable and looks to be accurate, I can not verify it myself nor have I seen it verified by another source. I believe it enough to report on it but I can not say with 100% assurance that it is true, so I put in the question mark.

  • http://ngenuity-is.com Adam Baldwin

    I decided not to release the exploit code as a fix was not available, but the blog post has enough detail. I realize there is no way to verify these findings (other than doing it yourself, which is pretty obvious if you read the blog post).

    I can say for certain that it works just fine on the Verizon and Sprint MiFis that I was able to get my hands on.

    • Dakota

      Why not just release the damn thing, then?

      Showing off the fact that “oh hey, I can exploit something” doesn’t do much for Novatel releasing a patch promptly.

      Releasing the code into the wild where everyone can pore over the sheer stupidity of the MiFi developers, then yes, Novatel will then probably fix it quite a bit faster than you waving it around in the air.

  • Richard

    Doesn’t bother me. If my MiFi connection stops, signaling a settings change, I’ll reset it. I still feel more comfortable with my own connection versus using someone else’s.

  • dadeboe

    I have one but I’m not worried. What are the chances that you are sitting close enough to someone with the knowledge and expertise AND desire to jack up your mifi?

    • Ivan G

      You don’t have to be close to someone with a MiFi. It’s about whenever you visit a malicious website with the code.

  • Matt Thompson

    MiFi -users-? I didn’t know there were any.

  • Mannie

    I use a MiFi in Kuwait and, well, while this is a bit alarming and I hope a fix is made quickly… I am in Kuwait, people here have no idea where to begin when it comes to hacking, lol. No, seriously, let’s get this issue fixed.

  • Unsurprised

    It’s an electronic device. Maybe it is me, but a hacker, if they want to try hard enough, can probably find a way to hack any type of internet connection if they desired to. Everything will seem to have security flaws…

  • Stephen

    I think the bigger issue is, why did Verizon disable the GPS chip in the MiFi but leave it inside… I’ve since switched to the Overdrive…is that more secure?

  • Mutauro

    Ok. So Verizon disables the GPS. But this exploit can allow me access to the “disabled” GPS location? Can Adam Baldwin at least show us how to exploit our own MiFis for GPS location? Giving Verizon customers access to extra features would help motivate Verizon’s demand for a patch. And in the meantime I can use Google Maps far more effectively.
