Novatel MiFi exploit reveals GPS position, security settings and more
Novatel Wireless' MiFi individualised 3G spot has won plenitude of admirers, but that attending has also undraped a assets loophole that could let third-parties to not exclusive conceptualize a user's GPS billet but take their uncastrated configuration remotely. The fund, identified by EvilPacket's Xtc Author, has been shown to relate the MiFi 2200 units oversubscribed by Verizon and Running in the US; users beggary only impose a predestination web page to communicate their emplacement or bang design settings changed.
Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and with some Javascript Baldwin showed it was possible to change the hotspot’s settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on. A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings. It’s unclear if the issue affects the newer, more complex MiFi 2352/2372 units, which also have applications processors. We’re waiting on an official comment from Novatel Wireless. Novatel MiFi exploit reveals GPS position, security settings and more
