A user of Novatel Wireless's MiFi ‘portable Wi-Fi' hotspot appears to have stumbled on a security flaw that could allow an outsider to work out a user's location without their knowledge.
According to Adam Baldwin of EvilPacket, the unit's built-in GPS interface can be hacked if an attacker can persuade a MiFi owner to visit a malicious site with the GPS turned on, thereby revealing the user's coordinates to the attacker.
The flaw affects MiFi 2200 units sold by Verizon and Sprint in the US, and possibly also the newer model 2532 sold in the UK by T-Mobile, Orange and in branded form by Vodafone, though this has yet to be confirmed.
Novatel is reported to have promised a patch for the flaw, but otherwise played down its significance. "No malware remains on MiFi when the user disconnects from the malicious site. Any data received or sent through MiFi is secure. Novatel will provide a patch going forward," the company is reported to have said.
The same researcher also reports that the device's configuration could be changed by an attacker if the user visits a malicious site and, more seriously, access the user's encryption passphrase in the clear.
As dramatic as the GPS hack sounds, the ability to access the MiFi's configuration is probably at least as serious and will require a device update within days. Novatel's point that the attacker has to lure a user to a malicious website for any of this to work is a tiny barrier for criminals. Many software exploits depend on such an approach.
The Mifi is one of the first of a new type of mobile Internet router designed to connect to a 3G mobile service. This can then be shared to one or more users using Wi-Fi, turning a single connection into a roaming ‘hotspot'.
Portable hotspots are seen as an important way to increase the uptake of mobile broadband services because they make it easier for such a connection to be used from home as well as on the move, and to be shared between multiple devices and users. They also, ironically, are seen as a way of making such connections more secure because a firewall can be included in the router.