Novatel to issue patch to counter MiFi vulnerability

Novatel says it plans to release a patch to counter a security researcher's discovery that the popular Novatel MiFi 3G router can be attacked via a malicious page to modify the settings of the device, possibly disabling the security or locking out the owner of the router.

The spokesman said the ability of a hacker to change the MiFi's settings can only be done if the user surfs to a malicious web site and stays connected to that site.

"MiFi has CGI parameters that are intentionally programmable so that  developers can read or change MiFi settings and build browser-based widgets. Most of these are openly published by Novatel," the spokesman explained. "There are other CGI settings not published for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site. The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user's personal data. The exception to this is location data such as GPS. In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated. No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure." 

Related articles:
Novatel MiFi router hacked
Novatel's guidance for MiFi hotspot device disappointing
Verizon's answer to WiFi: MiFi

Webinar

Live webinar on 27th Jan 2021: Voice over 5G – evolution, deployment, technology and testing aspects

Voice services have been reality since decades and the industry wants to continue their success story in wireless networks also with 5G. Find out the technology aspects behind incorporating voice services in 5G networks and outlines possible deployment scenarios. To achieve best user experience, we will also demonstrate how to test voice capabilities of 5G smartphones in different deployment scenarios by using the unique R&S®CMX500 radio communication tester and the R&S®CMsquares 5G test software solution from Rohde & Schwarz.