Novatel MiFi exploit reveals GPS position, security settings, more

Novatel Wireless' MiFi personal 3G hotspot has won plenty of admirers, but that attention has also uncovered a security loophole that could allow third parties to not only discover a user's GPS position but also extract their entire configuration remotely. The issue, identified by EvilPacket's Adam Baldwin, has been shown to affect the MiFi 2200 units sold by Verizon and Sprint in the US; users need only visit a certain webpage to reveal their location or have configuration settings changed.

Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and, with some JavaScript, Baldwin showed it was possible to change the hotspot's settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on.

A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings. It's unclear if the issue affects the newer, more complex MiFi 2352/2372 units, which also have applications processors. We're waiting on an official comment from Novatel Wireless.

[via UMPC Portal]