• Tip us on news, and your feedback!
PhoneNews.com
Providing complete coverage of the wireless industry, cell phone news, and future 4G technologies.
  • Home
  • Deals
  • ETF
  • Hackers & Nerds
  • Carriers
    • AT&T
    • Sprint
    • T-Mobile
    • Verizon
  • Carrier Phone Numbers
  • Reviews
  • PhoneNews.com Extras
    • About PhoneNews.com
    • Contact Us & Submit News
    • Write for PhoneNews.com
    • Firmware Tracker
Browse: Home / Major Novatel MiFi Security Holes Discovered (Updated)

Major Novatel MiFi Security Holes Discovered (Updated)

By Humberto Saabedra on January 19, 2010

Novatel’s MiFi 2200 3G/Wi-Fi combo modem/router sold by Verizon and Sprint has been exploited and two major security vulnerabilities have been discovered.

The biggest vulnerabilities found are the silent remote activation of GPS functionality despite being turned off by the user, as well as the complete exposure of the Wi-Fi security key and device configuration in plain text by visiting a site with malicious Javascript.

Novatel has yet to issue a statement regarding the issue

Update: Novatel representative Kevin Thomson has released the following statement on the issue to PhoneNews.com:

I saw your posting regarding the MiFi security issue and I wanted to get in contact with the official Novatel Wireless statement.

MiFi has CGI parameters that are intentionally programmable so that developers can read or change MiFi settings and build browser based widgets.  Most of these are openly published by Novatel.

There are other CGI settings not published  for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site.  The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user’s personal data.  The exception to this is location data such as GPS.

In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated.  No malware remains on MiFi when the user disconnects from the malicious site.  Any data received or sent through MiFi is secure.  Novatel will provide a patch going forward.

Posted in Nerds, Sprint, Verizon, Wi-Fi | Tagged Discovered, Exploits, MiFi, novatel, security

Humberto Saabedra

« Previous Next »

Categories

  • Bluetooth
  • Carriers
    • AT&T
      • AIO Wireless
      • Cricket (AT&T)
    • Sprint
      • Boost Mobile
      • Clearwire
      • Virgin Mobile
    • T-Mobile
      • GoSmart Mobile
      • MetroPCS
    • U.S. Cellular
    • Verizon
      • Alltel
  • Conglomerates
    • Apple
    • Google
    • Microsoft
  • Deals
  • Early Termination Fee (ETF) Out
  • Editorials
  • General News
  • Legal
  • Manufacturers
    • Acer
    • Alcatel One Touch (TCL)
    • Asus
    • Audiovox
    • BenQ
    • BlackBerry
    • BLU Products
    • Casio Hitachi
    • CoolPad (YuLong)
    • Curitel
    • Dell
    • Garmin-Asus
    • Geeksphone
    • Hisense
    • HP
    • HTC
    • Huawei
    • Icon Q
    • Jolla
    • Kyocera
      • Sanyo
    • Lenovo
    • LG
    • Motorola
    • Nokia
    • Nvidia
    • OnePlus
    • Oppo
    • Palm
    • Panasonic
    • Pantech
    • PCD
    • Samsung
    • Sharp
    • Sidekick (Danger)
    • Siemens
    • Sierra Wireless
    • Silent Circle
    • Sonim
    • Sony
    • TechFaith
    • Toshiba
    • Vertu
    • Xiaomi
    • YotaPhone
    • ZTE
  • Navigation
  • Nerds
  • Network Platforms
    • CDMA2000
      • EV-DO
    • GSM
      • EDGE
    • HSPA
    • iDEN
    • LTE
    • UMTS
    • WiMAX
  • Reviews
  • Software Platforms
    • Android
    • BREW
    • Firefox OS
    • iOS
    • Java
    • MeeGo / Mer / Sailfish
    • Symbian
    • Tizen
    • Ubuntu
    • Windows Phone
    • Windows RT
  • Tethering
  • Video & Software
  • Virtual Operators (MVNOs)
  • Wi-Fi
  • Wired & VoIP

Copyright © 2026 PhoneNews.com

- About Us | Jobs | Contact | Privacy Policy | Our Meetup | @phonenewsdotcom | Facebook Page