MiFi Attack Exploits GPS To Reveal User's Location 62
An anonymous reader writes "Security researcher Adam Baldwin has identified that the Sprint and Verizon MiFi devices are vulnerable to a multitude of attacks. Combining these attacks together, an attacker can gain the GPS location of the MiFi device without the user becoming immediately aware. The attack can be successfully executed without authentication and even if the GPS has been disabled by the administrator." There's a video, but a handy text summary, too. Upshot: "Any MiFi user that visits a specially crafted page will give up their GPS location to the attacker."
Re:Why does it have a GPS? (Score:1, Interesting)
Or more "paranoidally" put, they like to know where a hotspot is at any given time. For whatever reason.
That it works even with GPS mode turned OFF on the phone is DIRECT evidence of poor security design.
Who knows how much intel you're pinging away on that IP-phone? More than any of us are cleared to know.
I trust cell phone companies with my voice, only... and they often screw even that up.
And my confirmation captcha is "phones"... as if I needed more proof they were listening!
Re:Why does it have a GPS? (Score:3, Interesting)
If they actually included a real GPS chipset, that would be puzzling, just from a cost/weight/battery life/board space perspective; but basically anything that interacts with a cell network gets location data within the limits of tower triangulation accuracy essentially for free(and then, if Verizon is the carrier, the firmware locks you out of that until you pay an extra monthly fee; but the capability is there).
The utter fail here is that the MiFi interface is as vulnerable as it is.
Re:Why does it have a GPS? (Score:3, Interesting)
In short, FCC E911 rules.
Most USB modem vendors use Qualcomm chipsets which come with GPSOne as standard. As such, they just need to include an antenna.
USB modems sold in Europe still have GPSOne in there, but the antenna is removed to reduce costs. As such you cannot get a fix.