Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Encryption Security Wireless Networking

Verizon MiFi Owned By Simple Attack 86

Posted by timothy
from the changing-the-default-seems-smart dept.
Trailrunner7 writes "Security researcher Joshua Wright has developed a simple attack that allows him to recover the passwords for any Verizon MiFi device. The MiFi is essentially a tiny, portable wireless AP, and Wright's attack uses a simple and effective technique to get default passwords by using the device's SSID and some existing password attacks on the encryption protocols the MiFi employs. Result: complete 0wnage of any MiFi."
This discussion has been archived. No new comments can be posted.

Verizon MiFi Owned By Simple Attack

Comments Filter:
  • by Overzeetop (214511) on Wednesday February 03, 2010 @01:26PM (#31012892) Journal

    To clarify, this exploit is only for the configuration as shipped from the factory. Just like most consumer routers, you can reconfigure the SSID and WPA-PSK values via a web interface, but almost nobody does.

    Fixed that for you. Yes, yes, people are getting better with their home routers. For most people, if you mention SSID and WPA-PSK, it will probably be countered with a WTF?

  • by powerlord (28156) on Wednesday February 03, 2010 @01:27PM (#31012908) Journal

    From The Fine Article:

    Change the Default SSID: Change the default SSID from "Verizon MiFi2200 XXXX Secure" to another value that is not common, but not unique either (somewhere in the middle) to mitigate precomputed PSK attacks, as well as general wireless anonymity attacks.

    I suggest using linksys or netgear. :D

    Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.

    Only catch is if you're in an environment with lots of them pre-configured in which case 'FreeWiFi' is also good (with a nice strong random password of course :P ).

  • by Anonymous Coward on Wednesday February 03, 2010 @01:48PM (#31013178)

    Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.

    Even better - get a plain linksys router, set it to factory default settings, but don't connect it to internet.

    Script kiddies keep trying to figure out why they can't connect to the internet...

  • by interkin3tic (1469267) on Wednesday February 03, 2010 @01:53PM (#31013252)

    All have non default ssids and passwords.

    Yes, for example in my neighborhood there is a "dontstealmyinternet," which doesn't require a password, and a "freewifi" which does. I find that odd.

  • Re:"Owned" (Score:1, Funny)

    by Anonymous Coward on Wednesday February 03, 2010 @02:12PM (#31013540)

    It's pwned and pwnage. "Pwn" does not exist.

If it is a Miracle, any sort of evidence will answer, but if it is a Fact, proof is necessary. -- Samuel Clemens

Working...