We're fans of Novatel's MiFi hotspots, which allow a 3G connection to be converted into Wi-Fi. What we are not fans of is a new exploit that lets hackers reveal your location and all your security info.

Advertisement

The exploit, which affects the MiFi 2200s sold by Verizon and Sprint, kicks in when users visit a certain website.

"Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and with some Javascript Baldwin showed it was possible to change the hotspot's settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on.

A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings."

Advertisement

If you're a MiFi user, just be careful out there until Novatel issues a fix. [UMPC Portal via SlashGear]