Verizon MiFi Owned By Simple Attack 86
Trailrunner7 writes "Security researcher Joshua Wright has developed a simple attack that allows him to recover the passwords for any Verizon MiFi device. The MiFi is essentially a tiny, portable wireless AP, and Wright's attack uses a simple and effective technique to get default passwords by using the device's SSID and some existing password attacks on the encryption protocols the MiFi employs. Result: complete 0wnage of any MiFi."
Verizon FiOS routers allow login from WAN (Score:4, Interesting)
Re:Dupe? (Score:2, Interesting)
No doubt that when the femtocell article was posted, someone was like "Hey, i can do that on a Verizon MiFI because it not only does it use the same technology, but allows me to get far more useful data than anyone would be doing over a phone"
Does this mean that Verizon should stop promoting the MiFi as a small business tool? Aren't small businesses without a clue the only ones purchasing the MiFi anyway? No clue = not security conscious
Re:Slightly misleading title (Score:4, Interesting)
Re:Verizon FiOS routers allow login from WAN (Score:3, Interesting)
Re:Submitter is clueless on what 0wnage is (Score:5, Interesting)
The funny part of this story is that Verizon routers take so much effort to hack based on their default configuration. I read it as a good move on Verizon's part.
It's just hard enough that someone thinks that "hacking" it is some form of accomplishment. That's pretty impressive given that this is a default configuration, which by definition has to use some form of predictable algorithm for their password. At least they are shipping them with OK encryption enabled by default and a password that takes 4 minutes to crack.
Now, if someone managed to hack into one of these gizmos and get free Internet after a user changed the password to a properly secure one, that would be news.
I was at my father's house once, setting up a new wireless router. This was a few years ago. The directions said to plug it into the Internet, power it up, connect to it, and set up wireless security (optional). The problem is, the wireless side comes on at first power-up, and it's an open access point. So I connected all the cables, plugged it in, went to go get a cup of coffee, and by the time I returned 15 minutes later the wireless light was blinking solid and someone had already changed the configuration password. I had to do a factory reset and beat the guy to the configuration screen when it powered up again. There was no way to tell the router to power up without wireless enabled, and the antenna was not removable. I was seriously considering wrapping the !@#$ thing in tin foil to give me enough time to get the admin password changed, but on the third try I beat the little bastard to it or he gave up.
I can imagine that 90% of Internet users at the time would simply have powered up their router, seen the access point name, connected to it, and gone on blissfully unaware that a script kiddie next door had set up port forwarding and was running a Torrent client or webserver off their connection.
I think the fact that it takes 4 minutes to hack into a default-configured router is a pretty good indication of how far we've come. Maybe not far enough, but still pretty far.
Re:Slightly misleading title (Score:4, Interesting)
My wifis show up as "GetCurtainsISeeYou" and "ImDatingYourDaughter" Figured I would screw with the neighbors.
Re:Slightly misleading title (Score:4, Interesting)
Actually, it's more of a Windows side effect.
User connects their laptop to "Free Wireless Internet" AP (a real, live accesspoint). User then leaves, and parks butt in another location. Windows again looks for a network with SSID "Free Wireless Internet" as well as doing scans for other networks (ad-hoc or otherwise). Inadvertently, it also broadcasts this as an ad-hoc SSID, so a second user doing a scan sees it and tries to connect. They fail (obviously), but now their laptop will look for an ad-hoc network called "Free Wireless Internet", to which others will try to connect, fail, and broadcast anew ad-hoc network.
It's spread to the point where you can see that SSID everywhere. A viral SSID, effectively.
http://www.wlanbook.com/free-public-wifi-ssid/ [wlanbook.com]
http://blogs.chron.com/techblog/archives/2006/09/free_public_wif.html [chron.com]
A bit more Googling will reveal a ton more of same. Of course, it's trivially simple for someone to really do set up a real MITM using tihs viral SSID, so beware.