Warning: Proven Security Issue on MiFi 3G routers. (Updated with Novatel response)

Posted on 18 January 2010, Last updated on 01 April 2019 by

I’ve been extremely happy with the Mifi 2352 (and the Sprint version I used at CES) We voted it mobile gadget of the year and have previously highlighted it for ease of use and its ability to improve security over open hotspots. Unfortunately we’re going to have to retract the latter statement because of a serious security issue based around multiple vulnerabilities. The latest update highlights the ultimate danger.

http://evilpacket.net/2010/jan/14/mifi-geopwn/

1-16-2010:
@aramosf posted to twitter that the MiFi’s config can be directly accessed without authentication. If you combine his attack with the above attacks it turns out that an attacker can download the entire device configuration, including clear text credentials!

The hack has been proven on the Verizon version of the Mifi but we’d recommend caution for all Mifi users. Keep your Mifi out of view when in use and hide the SSD if possible.

Combined with further software installed on the application processor version of the MiFi, the 2352, it’s not difficult to imagine a situation where the MiFi is turned into a traffic logger.

We’ve contacted Novatel for a statement and will update you here on the latest.

Latest from Novatel:

MiFi has CGI parameters that are intentionally programmable so that developers can read or change MiFi settings and build browser based widgets.  Most of these are openly published by Novatel.  There are other CGI settings not published  for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site.  The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user’s personal data.  The exception to this is location data such as GPS.  In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated.  No malware remains on MiFi when the user disconnects from the malicious site.  Any data received or sent through MiFi is secure.  Novatel will provide a patch going forward.

Recommended Reading

Top Ultra Mobile PCs

Dell Latitude E7440
14.0" Intel Core i5-4200U
Lenovo Ideapad Flex 10
10.1" Intel Celeron N2806
GPD Pocket 2
7.0" Intel Core m3-8100Y
Acer Aspire E11 ES1
11.6" Intel Celeron N2840
Eking S515
4.8" Intel Atom Z515
GPD Win 2
6.0" Intel m3 7Y30
Acer Aspire Switch 10
10.1" Intel Atom Z3745
Acer Chromebook 11 CB3-131
11.6" Intel Celeron N2807
Microsoft Surface Go
10.0" Intel Pentium 4415Y
Microsoft Surface Duo
8.1" Qualcomm Snapdragon 855