Novatel's MiFi devices shown to be incredibly useful, easily hacked (video)
We've personally experienced the joys of portable wireless routers like Novatel's MiFi, little things that do the 3G talkin' for you, but from what we're seeing here, current users may be about to experience something altogether different: fear. A hack that is both very nasty and easy to execute has been demonstrated; most troublingly, it would allow a malicious web page to modify the MiFi's settings on the user's behalf, possibly disabling security or even locking the owner out of the router, as shown in a quick demonstration video after the break. A factory reset fixes it all, of course, but doesn't do anything to alleviate the apparently shoddy security mechanisms at play here. Time for another firmware update, perhaps?
1/19/2010 Update: We've received a note from a Novatel representative indicating that the CGI parameters the device uses for configuration were designed to be "intentionally programmable" to ease remote setup. The statement also clarifies that a user's data will not be exposed via this hack, and that the company is working on a patch. The full statement is after the break if you're inclined to read it.
MiFi has CGI parameters that are intentionally programmable so that developers can read or change MiFi settings and build browser-based widgets. Most of these are openly published by Novatel. There are other CGI settings not published for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site. The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user's personal data. The exception to this is location data such as GPS. In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated. No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure. Novatel will provide a patch going forward.
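
The article and statement describe a web page driving the router's configuration CGI through the user's browser. As an added example (not Novatel's code and not part of the original article), this shows the server-side checks a settings endpoint can apply before accepting a change; the admin origin `http://192.168.1.1`, the `csrf_token` field and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the admin UI is served from this origin. The device's real
# origin and CGI parameter names are not given on the page.
ADMIN_ORIGINS = {"http://192.168.1.1"}
ADMIN_HOSTS = {urlsplit(o).netloc for o in ADMIN_ORIGINS}
SERVER_KEY = secrets.token_bytes(32)  # per-boot secret kept on the device


def issue_token(session_id):
    """Anti-forgery token bound to one admin session; embedded in admin forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers):
    """Origin header if present, otherwise the origin part of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    parts = urlsplit(headers.get("Referer", ""))
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return None


def allow_config_change(method, headers, session_id, form):
    """Return (allowed, reason) for a request that would change settings."""
    if method != "POST":
        return False, "settings may only change via POST"
    if headers.get("Host") not in ADMIN_HOSTS:
        return False, "unexpected Host header"
    origin = request_origin(headers)
    if origin not in ADMIN_ORIGINS:
        return False, f"cross-site request from {origin!r}"
    if not session_id:
        return False, "no authenticated session"
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, issue_token(session_id).encode()):
        return False, "missing or wrong anti-forgery token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed request: the browser attaches the session, but the page
    # that triggered it is on another origin and cannot know the token.
    hdrs = {"Host": "192.168.1.1", "Origin": "http://other-site.example"}
    print(allow_config_change("POST", hdrs, "s1", {"ssid": "x"}))
```

The Host check also rejects requests that reach the device under a name other than its own admin address.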

That can't be good.
@Johnny Ive
Your comment covers everything there is to this story. No one should even post any more comments.
Oh, wait......
Here you go, solidsnake: Better to stick with a Symbian / JoikuSpot combo for wi-fi generating.
@e1212
Agreed.
"Pants on the ground"
@One Love Lol
For a more industrial strength version of the MiFi concept see http://www.pfsense.org. It's a firewall/router package that installs on anything from a small embedded i386 board (like these http://www.pcengines.ch/ ) to full servers, and it supports a large range of USB and PCI-e/PCMCIA 3G modems. It's a DIY assembly for sure, but it's an alternative to the MiFi. I have a small embedded PC and a Sierra Wireless Compass 885 running as my main home network router.
@gnoahb
Lucky perhaps you are. With Verizon I have a mifi with unlimited data. But after transferring the number off my other mifi to Google Voice, I found that I could no longer purchase unlimited data plans as an individual. The plan is now for 5 GB. So one would have to be careful in using a mifi as a main home internet source today.
It's similar to the AT&T international plans. Last summer I got unlimited data on both my iPhones at a reasonable rate. But 2 weeks later I tried to get it for my daughter's iPhone and my assistant's iPhone and AT&T no longer offered that unlimited plan.
Another issue is that you can type 192.168.1.1 into the browser and access the Router's setup utility, once connected to the wifi. The standard default logins work (ADMIN as user name, etc.). A person who borrows your wifi can go in and change everything. I change mine because I don't want the name Verizon...... on it, but security is the best reason to do it.
Seems like the attack surface is pretty narrow/thin: the hack requires the connected user to unknowingly execute it (via custom web public page) or by a hacker that must first compromise the WiFi security of the device. Of course, if you're operating the thing with open security, you're pretty much inviting misuse by anyone in the vicinity.
@fatslug
How is this comment highest rank? Damn Mac haters.
The f*cking operating system has NOTHING to do with this!