retroremakes
January 18th, 2010, 17:20
http://cache.gawker.com/assets/images/4/2010/01/500x_mifi.jpg (http://cache.gawker.com/assets/images/4/2010/01/mifi.jpg)We're fans of Novatel's MiFi hotspots (http://gizmodo.com/5256825/verizon-mifi-2200-3g-portable-wi+fi-hotspot-review), which allow a 3G connection to be converted into Wi-Fi. What we are not fans of is a new exploit that lets hackers reveal your location and all your security info.
The exploit, which affects the MiFi 2200s sold by Verizon and Sprint, kicks in when users visit a certain website.
"Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and with some Javascript Baldwin showed it was possible to change the hotspot's settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on.
A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings."
If you're a MiFi user, just be careful out there until Novatel issues a fix. [UMPC Portal (http://www.umpcportal.com/2010/01/warning-proven-security-issue-on-mifi-3g-routers/) via SlashGear (http://www.slashgear.com/novatel-mifi-exploit-reveals-gps-position-security-settings-more-1870255/)]
http://ads.pheedo.com/img.phdo?p=1 (http://ads.pheedo.com/click.phdo?p=1) http://a.rfihub.com/eus.gif?eui=2226 http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/0/di</img> (http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/0/da)
http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/1/di</img> (http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/1/da)
http://feeds.feedburner.com/~ff/gizmodo/full?d=H0mrP-F8Qgo</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:H0mrP-F8Qgo) http://feeds.feedburner.com/~ff/gizmodo/full?d=yIl2AUoC8zA</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/gizmodo/full?i=oiSpmC09S9s:cUv9M9IYUCs:D7DqB2pKExk</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:D7DqB2pKExk) http://feeds.feedburner.com/~ff/gizmodo/full?i=oiSpmC09S9s:cUv9M9IYUCs:V_sGLiPBpWU</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:V_sGLiPBpWU)
http://feeds.feedburner.com/~r/gizmodo/full/~4/oiSpmC09S9s
More... (http://feeds.gawker.com/~r/gizmodo/full/~3/oiSpmC09S9s/mifi-exploit-shows-gps-position-and-security-settings-for-your-mobile-hotspot)
The exploit, which affects the MiFi 2200s sold by Verizon and Sprint, kicks in when users visit a certain website.
"Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and with some Javascript Baldwin showed it was possible to change the hotspot's settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on.
A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings."
If you're a MiFi user, just be careful out there until Novatel issues a fix. [UMPC Portal (http://www.umpcportal.com/2010/01/warning-proven-security-issue-on-mifi-3g-routers/) via SlashGear (http://www.slashgear.com/novatel-mifi-exploit-reveals-gps-position-security-settings-more-1870255/)]
http://ads.pheedo.com/img.phdo?p=1 (http://ads.pheedo.com/click.phdo?p=1) http://a.rfihub.com/eus.gif?eui=2226 http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/0/di</img> (http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/0/da)
http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/1/di</img> (http://feedads.g.doubleclick.net/~a/Tje8mSsCDQPV4peIk0Y_Nrd1FV0/1/da)
http://feeds.feedburner.com/~ff/gizmodo/full?d=H0mrP-F8Qgo</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:H0mrP-F8Qgo) http://feeds.feedburner.com/~ff/gizmodo/full?d=yIl2AUoC8zA</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/gizmodo/full?i=oiSpmC09S9s:cUv9M9IYUCs:D7DqB2pKExk</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:D7DqB2pKExk) http://feeds.feedburner.com/~ff/gizmodo/full?i=oiSpmC09S9s:cUv9M9IYUCs:V_sGLiPBpWU</img> (http://feeds.gawker.com/~ff/gizmodo/full?a=oiSpmC09S9s:cUv9M9IYUCs:V_sGLiPBpWU)
http://feeds.feedburner.com/~r/gizmodo/full/~4/oiSpmC09S9s
More... (http://feeds.gawker.com/~r/gizmodo/full/~3/oiSpmC09S9s/mifi-exploit-shows-gps-position-and-security-settings-for-your-mobile-hotspot)