The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
a built in GPS to provide location based searching.
Turns out that the web interface to this little device has a lot going
on that can be exploited, from gaining the user’s GPS data to
terminating the user’s connectivity. The POC isn't online yet due to
vendor lag but it's not all that complicated if you have a MiFi and a
few minutes.
Just another one: you can access to the configuration backup without
authentication at: /config.xml.sav
On Fri, Jan 15, 2010 at 17:12, Adam Baldwin
<adam_baldwin@ngenuity-is.com> wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
> a built in GPS to provide location based searching.
>
> *1. Authentication not required.*
