Sprint Overdrive Security Vulnerability

About

Kirk van Gorkom
I write code for a living. Some of it is cool, most of it works, and a little bit is shameful. I'm an irredeemable nerd in the city but flee to the mountains whenever time permits.
I'm obsessed with user interfaces and beautiful things of any kind.
I live with my beautiful wife and kids in Colorado Springs.

Find my programming blog at prng.vangorkom.org, random thoughts at kirk.vangorkom.org, and my family life at vangorkom.org
You should follow me on Twitter @kvangork

I'm a huge fan of my Overdrive mobile router, and will be even more so after all the travel I have planned for the next 2 months. In the process of writing an iPhone app to manage the device, I discovered a critical security vulnerability in all firmware versions prior to 1.07

The previous firmware versions didn't require a login to perform administrative functions at the server level. This means that anyone connected to your wifi network could have total control of the device, up to and including locking the owner out.

I'm happy to say that Sprint and Sierra Wireless' engineers have fixed the problem in firmware version 1.07, so make sure your Overdrive has been updated.

You can do so via the built-in admin interface (usually found at http://192.168.0.1) and the new firmware can be downloaded here.

Kirk’s Random Brain Dump

About