World famous - okay, so maybe he is only world famous in the computer security world- security researcher Joshua Wright discovered a vulnerability in the way Verizon (and I imagine other wireless carriers) configured the "default" settings on their popular MiFi device.
Let me summarize what he uncovered: (full article).
- the default password settings of the Verizon MiFi make it easy for someone to hack the device
- the default wireless encryption settings of the Verizon MiFi make it easy for someone to figure out what the encryption key is - which then enables them to to connect to the MiFi.
What are the implications of this hack?
- since the MiFi device is WiFi enabled, the hacker does NOT have to have physical access to your device - they could be sitting on the other side of the coffee house or even across the street.
- in "Verizon World" your "unlimited" service is actually capped out at 5GB - so a hacked MiFi could be used in such a way that you exceed your 5GB cap - which means overage charges
- a hacker who is able to connect to your MiFi WiFi network (can you say "MiFi WiFi" 5 times fast) could use that connection to capture the traffic which could expose passwords and other sensitive inforamtion.
So what do you need to do to keep your MiFi secure?
- Change the default password for administering the device. (I don't currently have access to a MiFi but if I can get my hands on one, I'll do a screencast on how to do this.)
- Change the default SSID and encryption key on the device. (Again, as soon as I can get my hands on a MiFi I'll do a screencast on how to make these changes)
While I wait to get my hands on a MiFi, if you have any questions about this issue, feel free drop me an email at eyenetsecurity-AT-gmail.com.