Customers of T-Mobile and Vodafone UK using one of the operators MiFi (2352) devices, essentially a portable battery powered wireless router that has been designed to distribute their Mobile Broadband service over a Wi-Fi link, should be aware they suffer from a security vulnerability that could allow access to a remote hacker.

It's understood that an attacker could use this new vulnerability to alter the devices configuration settings, such as to enable its GPS without your permission. Luckily the UK / EU 2352 devices, as manufactured by Novatel Wireless, are "far less vulnerable" to the flaw - "if the carrier is on the 5.15 firmware or greater" - than their 2200 series USA counter parts.


Novatel informs us that its UK 2352 model is less vulnerable because the user must first be logged on to their admin page before being lured to a malicious website (i.e. while the devices admin session is open). If a user closes the admin page at the end of the session there is no risk. This is currently being explained to Vodafone and T-Mobile UK, carriers of the 2352 models.

UPDATE 27th January 2010

Corrected the firmware version mentioned in this news item from 7.15 to 5.15, as per an update by Novatel.