Slashdot Mirror

← Back to Stories (view on slashdot.org)

MiFi Attack Exploits GPS To Reveal User's Location

Posted by timothy on from the wish-it-was-easy-for-non-attackers dept.

An anonymous reader writes "Security researcher Adam Baldwin has identified that the Sprint and Verizon MiFi devices are vulnerable to a multitude of attacks. Combining these attacks together, an attacker can gain the GPS location of the MiFi device without the user becoming immediately aware. The attack can be successfully executed without authentication and even if the GPS has been disabled by the administrator." There's a video, but a handy text summary, too. Upshot: "Any MiFi user that visits a specially crafted page will give up their GPS location to the attacker."

6 of 62 comments (clear)

  1. Why does it have a GPS? by Darkness404 · · Score: 3, Insightful

    I think the main question is why would a glorified router have a GPS built-in? I can see no real reason for a GPS being in a router. Phones? Perhaps. Router? No.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Why does it have a GPS? by John+Hasler · · Score: 2, Insightful

      > Because you're on a cellular network and the company providing service wants
      > to know where its users are using them so they can plan the network.

      They know what cells you are using and the signal strength. That's all they need.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Why does it have a GPS? by hanabal · · Score: 2, Insightful

      if the phone is only picking up the signal from one tower you can eliminate any side of the tower where another tower is close by, as you would expect to have more than one signal. so unless the tower is completely isolated you can have a pretty good idea where they are, at least what direction.

    3. Re:Why does it have a GPS? by dgatwood · · Score: 3, Insightful

      That it works even with GPS mode turned OFF on the phone is DIRECT evidence of poor security design.

      No, the fact that third parties *found* the back door is direct evidence of poor security design. The fact that the backdoor was there is at least as likely to be an intentional measure for law enforcement purposes as it is to be a mistake. Odds are, when they "fix" this bug, the backdoor will still be there, just hidden a little better.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. Bad title by spire3661 · · Score: 2, Insightful

    Cell tower triangulation is not GPS in any way shape or form.

    --
    Good-bye
  3. Publicity Stunt? by LostCluster · · Score: 2, Insightful

    Here's one from the conspiracy theory file:

    Since the MiFi is such a novel concept, people might not think it includes anything not related to data connections. By making this mistake and it landing on Slashdot and such, it's advertising the GPS... plus giving notice so nobody can sue them and claim they didn't know they were carrying a device that would reveal their location.