If You Own a Verizon Mi-Fi, Change the Defaults

World famous - okay, so maybe he is only world famous in the computer security world- security researcher Joshua Wright discovered a vulnerability in the way Verizon (and I imagine other wireless carriers) configured the "default" settings on their popular MiFi device. 

Let me summarize what he uncovered: (full article).

  • the default password settings of the Verizon MiFi make it easy for someone to hack the device
  • the default wireless encryption settings of the Verizon MiFi make it easy for someone to figure out what the encryption key is - which then enables them to to connect to the MiFi.

What are the implications of this hack?

  • since the MiFi device is WiFi enabled, the hacker does NOT have to have physical access to your device - they could be sitting on the other side of the coffee house or even across the street.
  • in "Verizon World" your "unlimited" service is actually capped out at 5GB - so a hacked MiFi could be used in such a way that you exceed your 5GB cap - which means overage charges
  • a hacker who is able to connect to your MiFi WiFi network (can you say "MiFi WiFi" 5 times fast) could use that connection to capture the traffic which could expose passwords and other sensitive inforamtion.

So what do you need to do to keep your MiFi secure?

  1. Change the default password for administering the device.   (I don't currently have access to a MiFi but if I can get my hands on one, I'll do a screencast on how to do this.)
  2. Change the default SSID and encryption key on the device.   (Again, as soon as I can get my hands on a MiFi I'll do a screencast on how to make these changes)

While I wait to get my hands on a MiFi, if you have any questions about this issue, feel free drop me an email at