Novatel's MiFi devices shown to be incredibly useful, easily hacked (video)
We've personally experienced the joys of portable wireless routers like Novatel's MiFi, little things that do the 3G talkin' for you, but from what we're seeing here current users may be about to experience something altogether different: fear. A hack that is both very nasty and easy to execute has been shown which would, most troublingly, allow a malicious page to modify the MiFi settings on behalf of the user, possibly disabling security or even locking out the owner of the router, as shown in a quick demonstration video after the break. A factory reset fixes it all, of course, but doesn't do anything to alleviate the apparently shoddy security mechanisms at play here. Time for another firmware update, perhaps?
1/19/2010 Update: We've received a note from a Novatel representative indicating that the CGI parameters the device uses for configuration were designed to be "intentionally programmable" to ease remote setup. The statement also clarifies that a user's data will not be exposed via this hack, and that the company is working on a patch. The full statement after the break if you're inclined to read it.
MiFi has CGI parameters that are intentionally programmable so that developers can read or change MiFi settings and build browser based widgets. Most of these are openly published by Novatel. There are other CGI settings not published for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site. The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user's personal data. The exception to this is location data such as GPS. In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated. No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure. Novatel will provide a patch going forward.
