Novatel MiFi Mobile Hotspot security vulnerabilities uncovered?

mifi-review-2

Novatel’s MiFi Mobile Hotspot, sold by both Verizon Wireless and Sprint as the MiFi 2200, may have multiple security vulnerabilities which would allow a remote user to access the GPS location of your device and change the wireless settings of your MiFi, effectively terminating your internet connection and forcing you to reset your device back to factory settings. Adam Baldwin of nGenuity supposedly discovered some gaping holes in the web interface for this mobile hotspot that can be exploited for the above nefarious purposes. Purported security holes available for exploit include:

  • MiFi does not require a valid session to commit changes to its configuration settings
  • GPS can be enabled without the users knowledge by visiting a malicious website. The user may be presented with a “login required” request but most users won’t bat an eye and will just click on through
  • The web interface does not protect against Cross-Site Request Forgery (CSRF) so a malicious website could “do evil things like change the wireless settings of the MiFi”
  • Certain portions of the web interface improperly encode data back to the data, an example is the key field for the Wi-Fi settings which exposes the clear text of the field

Baldwin posted a proof of concept video on his website and has reportedly contacted Novatel about the vulnerabilities. We have no way to confirm his findings but supposing they’re true, any MiFi users out there feel a little less safe today?

[Via Phone Arena]

Read

blog comments powered by Disqus