MiFi Exploit Shows GPS Position and Security Settings for Your Mobile Hotspot

We may earn a commission from links on this page.

We're fans of Novatel's MiFi hotspots, which allow a 3G connection to be converted into Wi-Fi. What we are not fans of is a new exploit that lets hackers reveal your location and all your security info.

The exploit, which affects the MiFi 2200s sold by Verizon and Sprint, kicks in when users visit a certain website.

"Among the information the MiFi 2200 will readily share is the WiFi security key – sent in clear text – and with some Javascript Baldwin showed it was possible to change the hotspot's settings to the point where a factory reset is required in order to restore functionality to the user. Even if GPS is turned off, a remote command can be used to switch it back on.

A further exploit can extract the entire configuration of the MiFi, again in clear text, including all of the security settings."


If you're a MiFi user, just be careful out there until Novatel issues a fix. [UMPC Portal via SlashGear]