Slashdot Mirror


Verizon MiFi Owned By Simple Attack

Trailrunner7 writes "Security researcher Joshua Wright has developed a simple attack that allows him to recover the passwords for any Verizon MiFi device. The MiFi is essentially a tiny, portable wireless AP, and Wright's attack uses a simple and effective technique to get default passwords by using the device's SSID and some existing password attacks on the encryption protocols the MiFi employs. Result: complete 0wnage of any MiFi."

5 of 86 comments

  1. Re:Slightly misleading title by Overzeetop · Score: 4, Funny

    To clarify, this exploit is only for the configuration as shipped from the factory. Just like most consumer routers, you can reconfigure the SSID and WPA-PSK values via a web interface, but almost nobody does.

    Fixed that for you. Yes, yes, people are getting better with their home routers. For most people, if you mention SSID and WPA-PSK, it will probably be countered with a WTF?

    --
    Is it just my observation, or are there way too many stupid people in the world?
  2. Gotta love the article by powerlord · Score: 3, Funny

    From The Fine Article:

    Change the Default SSID: Change the default SSID from "Verizon MiFi2200 XXXX Secure" to another value that is not common, but not unique either (somewhere in the middle) to mitigate precomputed PSK attacks, as well as general wireless anonymity attacks.

    I suggest using linksys or netgear. :D

    Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.

    Only catch is if you're in an environment with lots of them pre-configured in which case 'FreeWiFi' is also good (with a nice strong random password of course :P ).

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
    1. Re:Gotta love the article by Anonymous Coward · Score: 4, Funny

      Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.

      Even better - get a plain linksys router, set it to factory default settings, but don't connect it to internet.

      Script kiddies keep trying to figure out why they can't connect to the internet...
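
The advice quoted above about precomputed PSK attacks follows from how WPA/WPA2-Personal derives its key: the SSID is the PBKDF2 salt, so a table built for one SSID is useless against another. This is an added example, not part of the original thread or the article; the four-character form of XXXX and the short list of common names are assumptions.

```python
import hashlib
import re

# Default SSID pattern quoted on this page. Treating "XXXX" as four
# alphanumeric characters is an assumption made for this example.
DEFAULT_SSID = re.compile(r"^Verizon MiFi2200 [0-9A-Za-z]{4} Secure$")

# Constructed short list of widely used SSIDs (names taken from the thread).
COMMON_SSIDS = {"linksys", "netgear", "freewifi"}


def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-Personal pairwise master key.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations, 32-byte output.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_ssid(ssid):
    """Return the reasons an SSID weakens the salt, or an empty list."""
    findings = []
    if DEFAULT_SSID.match(ssid):
        findings.append("factory-default SSID")
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common SSID (salt shared with many networks)")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys have nothing in
    # common, which is why a precomputed table only covers one SSID.
    for ssid in ("linksys", "kitchen-ap-7"):  # constructed sample names
        print(ssid, wpa_pmk("correct horse battery", ssid).hex()[:16], audit_ssid(ssid))
```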

  3. Re:Slightly misleading title by interkin3tic · Score: 3, Funny

    All have non default ssids and passwords.

    Yes, for example in my neighborhood there is a "dontstealmyinternet," which doesn't require a password, and a "freewifi" which does. I find that odd.

  4. Re:"Owned" by Anonymous Coward · Score: 1, Funny

    It's pwned and pwnage. "Pwn" does not exist.