Attack allows obtaining victim's geographic location
The hacker who spread the massive MySpace worm in 2005, Samy Kamkar, has published an attack that identifies a victim's geographic location via his router.
The attack is based on an XSS (cross-site scripting) bug in Verizon FiOS wireless routers that allowed obtaining the browser's MAC (Media Access Control) address. The address must then be mapped to GPS (Global Positioning System) coordinates via Google Location Services. For the attack to work, the victim must use his router to visit a malicious or infected website. Exploiting an XSS bug on a router can also allow other attacks, including rerouting traffic to a malicious router. The crux of the problem is that security isn't part of the equation in router software. To protect themselves, users should change default passwords when they configure routers. They also shouldn't remain logged in to their router's administrative interface for a long time. Additional information can be found on the darkREADING website, where the original news is published.