Two Steps to Take to Secure Your Verizon MiFi From Being Hacked in Seconds

Ugh! I really really hate to read news like this from Threat Post (Kapersky Labs)…

Verizon MiFi Device Hacked

Security research Joshua Wright used the Open Source Kismet WiFi sniffer to study Verizon’s MiFi data stream. He found:

– The SSID on the MiFi’s label was slightly different from what was transmitted
– The default password (also on the label) is cryptographicaly weak (100,000 possible passwords)

He then wrote a very short Python script to use with a WPA cracking tool. A pair of WiFI hacking tools then let him fake a deauthenicate mesage to the MiFi. A brute force attack using yet another tool obtained the MiFi’s PSK passphrase in 4.6 seconds.

Following this brute force success, he refined the strategy using the MiFi’s SSID naming convention to narrow the search window. The result is a technique that can determine the passphrase of any Verizon MiFi in seconds.

Via Slashdot: Verizon MiFi Owned By Simple Attack

So, should you take your MiFi and go hide in a hole in the sand? Not at all. Joshua offers a quick and easy way to reduce the probability that someone can use the techniques he described to hack your MiFi:

1. Change the default PSK passphrase. Choose a passphrase at least 20 characters long
2. Change the default SSID to reduce the success of precomputed PSK attacks