Verizon MiFi Owned By Simple Attack 86
Trailrunner7 writes "Security researcher Joshua Wright has developed a simple attack that allows him to recover the passwords for any Verizon MiFi device. The MiFi is essentially a tiny, portable wireless AP, and Wright's attack uses a simple and effective technique to get default passwords by using the device's SSID and some existing password attacks on the encryption protocols the MiFi employs. Result: complete 0wnage of any MiFi."
Re:Slightly misleading title (Score:5, Funny)
To clarify, this exploit is only for the configuration as shipped from the factory. Just like most consumer routers, you can reconfigure the SSID and WPA-PSK values via a web interface, but almost nobody does.
Fixed that for you. Yes, yes, people are getting better with their home routers. For most people, if you mention SSID and WPA-PSK, it will probably be countered with a WTF?
Gotta love the article (Score:4, Funny)
From The Fine Article:
I suggest using linksys or netgear. :D
Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.
Only catch is if you're in an environment with lots of them pre-configured in which case 'FreeWiFi' is also good (with a nice strong random password of course :P ).
Re:Gotta love the article (Score:4, Funny)
Nothing like watching script kiddies THINK they know what the router is, and bashing their heads trying to figure out why they can't get into what MUST be an unconfigured network.
Even better - get a plain linksys router, set it to factory default settings, but don't connect it to internet.
Script kiddies keep trying to figure out why they can't connect to the internet...
Re:Slightly misleading title (Score:4, Funny)
All have non default ssids and passwords.
Yes, for example in my neighborhood there is a "dontstealmyinternet," which doesn't require a password, and a "freewifi" which does. I find that odd.
Re:"Owned" (Score:1, Funny)
It's pwned and pwnage. "Pwn" does not exist.