Novatel to issue patch to counter MiFi vulnerability

Novatel says it plans to release a patch to counter a security researcher's discovery that the popular Novatel MiFi 3G router can be attacked via a malicious page to modify the settings of the device, possibly disabling the security or locking out the owner of the router.

The spokesman said the ability of a hacker to change the MiFi's settings can only be done if the user surfs to a malicious web site and stays connected to that site.

"MiFi has CGI parameters that are intentionally programmable so that  developers can read or change MiFi settings and build browser-based widgets. Most of these are openly published by Novatel," the spokesman explained. "There are other CGI settings not published for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site. The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user's personal data. The exception to this is location data such as GPS. In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated. No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure." 

Related articles:
Novatel MiFi router hacked
Novatel's guidance for MiFi hotspot device disappointing
Verizon's answer to WiFi: MiFi

Suggested Articles

Bluegrass Cellular is asking the FCC for permission to extend its Citizens Broadband Radio Services (CBRS) tests for another two years.

In their latest round of comments to the FCC, both users and would-be users of the C-Band argued whether fiber is the best alternative for delivering the types…

Amazon has earned the distinction of having the 3,000th Zigbee-certified product with its second-generation Echo Show.