Printed from http://www.electronista.com

MiFi hotspots easily hacked

updated 04:35 pm EST, Mon January 18, 2010

Novatel MiFi hotspots are vulnerable to attacks

A recent report has found that Novatel's MiFi mobile hotspot can too easily be compromised by hacks. As the MiFi doesn't require a valid session to change settings, researchers have found that they could locate a user over GPS or even cut a connection remotely.

The MiFi's GPS can also be accessed by anyone who simply visits a specific URL address, though the "victim" may get a login prompt when this happens. The device is also vulnerable to Cross-Site Request Forgery (CSRF), allowing certain websites to change the wireless settings of the MiFi.

Another issue is the lack of proper output encoding at various user input points in the interface, including the key field for the WiFi settings.

The providers who sell the MiFi device have reportedly been advised of the issues, but until a fix is issued, users should be aware of these vulnerabilities and should be aware visiting questionable websites may result in revealing their locations. The MiFi is sold by various providers, including Sprint and Verizon. [via Ngenuity]



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Razer Kraken Pro headset

Gaming headphones are a challenge to get right, for a long list of reasons that are unique to the consumer buying them. Some shoppers ...

Patriot Aero Wireless Mobile Drive

Regardless of how large a tablet you buy, you always want more space. There's always one more movie or another album you'd cram on, if ...

Patriot Fuel+ 6000 and 9000mAh batteries

Mobile device batteries are better than they used to be, but there's always a scenario where users could use more juice. Upgrade manuf ...

Sponsor

toggle

Most Commented

 
toggle

Popular News