Home » 

UK ISP News Archives

 » 
Sponsored Links

UPDATE Security Threat to Vodafone and T-Mobile UK MiFi Mobile Broadband Devices

Posted: 21st Jan, 2010 By: MarkJ
mifiCustomers of T-Mobile and Vodafone UK using one of the operators MiFi (2352) devices, essentially a portable battery powered wireless router that has been designed to distribute their Mobile Broadband service over a Wi-Fi link, should be aware they suffer from a security vulnerability that could allow access to a remote hacker.

It's understood that an attacker could use this new vulnerability to alter the devices configuration settings, such as to enable its GPS without your permission. Luckily the UK / EU 2352 devices, as manufactured by Novatel Wireless, are "far less vulnerable" to the flaw - "if the carrier is on the 5.15 firmware or greater" - than their 2200 series USA counter parts.

Kevin Thornton from Novatel Wireless informed ISPreview:

"MiFi has CGI parameters that are intentionally programmable so that developers can read or change MiFi settings and build browser based widgets. Most of these are openly published by Novatel. There are other CGI settings not published for MiFi that are accessible only when a user surfs to a malicious web site and stays connected to that site.

The nature of the threat is better characterized by the ability of the hacker to change MiFi settings, only when connected to the malicious site, and does not provide access to the user's personal data. The exception to this is location data such as GPS.

In this instance, the user location data is visible only when the user is connected to the malicious site and GPS is activated. No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure. Novatel will provide a patch going forward."

Novatel informs us that its UK 2352 model is less vulnerable because the user must first be logged on to their admin page before being lured to a malicious website (i.e. while the devices admin session is open). If a user closes the admin page at the end of the session there is no risk. This is currently being explained to Vodafone and T-Mobile UK, carriers of the 2352 models.

UPDATE 27th January 2010

Corrected the firmware version mentioned in this news item from 7.15 to 5.15, as per an update by Novatel.
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
150Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5721)
  2. BT (3570)
  3. Politics (2602)
  4. Openreach (2342)
  5. Business (2324)
  6. Building Digital UK (2277)
  7. FTTC (2061)
  8. Mobile Broadband (2039)
  9. Statistics (1830)
  10. 4G (1724)
  11. Virgin Media (1674)
  12. Ofcom Regulation (1494)
  13. Fibre Optic (1427)
  14. Wireless Internet (1417)
  15. FTTH (1383)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules