
USB Internet Modems vulnerability exposes Millions of PCs

Pierluigi Paganini August 18, 2013

The Indian security expert ‘Rahul Sasi’ found a USB Internet Modems vulnerability that could allow an attacker to gain a Meterpreter shell or full access to the victim just by sending an SMS.

The Indian security expert ‘Rahul Sasi’ announced that he has found a USB Internet Modems vulnerability that could allow an attacker to execute malicious code remotely simply by sending an SMS to the victim.

USB Internet Modems are a category of modem that provides access to the Internet through a connection to a GSM/CDMA network; they plug into a USB port and create a PPPoE (Point-to-Point Protocol over Ethernet) interface to the user’s PC.

The researcher reported to “The Hacker News” team that, by exploiting the USB Internet Modems vulnerability, he could hack computers remotely to gain a Meterpreter shell or full access to the victim’s computer.

The Indian researcher revealed that the USB Internet Modems vulnerability could be used on a large scale, considering that modems respond to phone numbers that lie in a particular series. Each series of modems is equipped with a specific version of the USB modem software.

All local Indian modem vendors (e.g. Idea, Reliance, Tata) are exposed to the risk of exploitation of the USB Internet Modems vulnerability; no patch has yet been released to fix it.

How is an attack via SMS possible?

Rahul Sasi explained in his post that USB Internet Modems come with built-in dialer software that has an interface to read and send SMSs.

“These devices are supplied with dialer software either written by the hardware manufacturer or by the mobile supplier. They also come bundled with a device driver. One of the interesting features that are added to these dialer software is an interface to read/send SMS from your computer directly. This is mainly done for sending promotion offers and advertising. These SMS modules added to the dialers simply check the connected USB modem for incoming SMS messages, and if any new message is found it’s parsed and moved to a local sqlite database, which is further used to populate the SMS viewer. The device driver, which comes default with these devices [devices are in CDFS file systems that have the software in it], is installed on the host system; they usually provide interrupt handling for asynchronous hardware interface,” Sasi explained.

This type of attack could not be detected by defense mechanisms such as a firewall because the SMS is received over a direct connection based on GSM/CDMA. 

Proof of concept – code execution via SMS payloads

USB Internet Modems vulnerability POC

When an SMS is received by the modem, the parser in the dialer software reads the content of the message, parsing it as a privileged user and storing the output in a local database; an attacker could exploit this process to execute malicious payloads sent via SMS.

According to the attack scheme, a victim could be hit simply by being online when a malicious payload is received.

DDoS attack exploiting the USB Internet Modems vulnerability

The researcher also highlighted the possibility of saturating the parser’s capacity for SMS analysis by sending huge quantities of malformed SMSs, causing a DDoS: every time the dialer software receives the message it crashes, interrupting the Internet connection.

“One such attack would be of great fun and profit. Imagine someone sending 1000 users ranging from mobile no 9xxxxxx000 – 9xxxxxx999 with a malformed SMS, in one such case you could knock all the online users offline instantly. Since the guaranteed bandwidth is shared among multiple users you now have the advantage of less users using the Internet, so probably better speed for us [evil].”

The phishing variant

Of course, it is also possible to conduct a phishing attack exploiting the USB Internet Modems vulnerability, as described by the researcher:

“These devices parse and display HTML hyperlinks in SMS contents, so phishing based attacks can also be triggered via SMS. So there are chances you can see phishing attacks that might come in the form of an SMS asking users to download a malware to their computer, the following video will explain one such attack.”

USB Internet Modems vulnerability POC phishing

All local Indian vendors of USB Internet Modems i.e. Idea, Reliance, Tata etc. are also vulnerable to this attack. Millions of such active modems and systems are vulnerable to cyber attack, since vendors have never provided any patch to users via the “Online Update” option available in the software.

Rahul Sasi has already reported the details of the flaw to vendors and manufacturers; its impact could be devastating.
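The article does not describe the parser defect itself, so the following is an added example (not code from the researcher or from any vendor's dialer) of what a defensively written version of the described pipeline looks like: incoming SMS is bounded and decoded strictly, a malformed message is skipped instead of crashing the dialer, rows reach SQLite through bound parameters, and message bodies are escaped before the viewer displays them. The function names, length limits and digits-only sender rule are assumptions made for illustration.

```python
import html
import sqlite3
import unicodedata

MAX_SENDER = 20      # assumed bound for an address field (E.164 is at most 15 digits)
MAX_BODY = 1600      # assumed cap: roughly ten concatenated 160-character segments

class RejectedSMS(ValueError):
    """Raised for input the ingest path refuses; callers skip it and carry on."""

def normalise(sender: bytes, body: bytes) -> tuple[str, str]:
    # Bound sizes before doing any other work on attacker-controlled bytes.
    if not 0 < len(sender) <= MAX_SENDER or len(body) > MAX_BODY * 4:
        raise RejectedSMS("field length out of bounds")
    try:
        s, b = sender.decode("ascii"), body.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise RejectedSMS("undecodable field") from exc
    if not s.lstrip("+").isdigit() or len(b) > MAX_BODY:
        raise RejectedSMS("malformed sender or oversized body")
    # Drop control/format characters (newlines kept) so the viewer gets plain text.
    b = "".join(c for c in b if c == "\n" or unicodedata.category(c)[0] != "C")
    return s, b

def ingest(db: sqlite3.Connection, raw_messages) -> int:
    """Store well-formed messages; a malformed one is skipped, never fatal."""
    db.execute("CREATE TABLE IF NOT EXISTS sms (sender TEXT, body TEXT)")
    stored = 0
    for sender, body in raw_messages:
        try:
            row = normalise(sender, body)
        except RejectedSMS:
            continue  # one bad SMS must not take the dialer (and the link) down
        db.execute("INSERT INTO sms (sender, body) VALUES (?, ?)", row)  # bound parameters
        stored += 1
    db.commit()
    return stored

def render(db: sqlite3.Connection) -> list[str]:
    # Escape on output: markup in a message body is shown as text, not as a live link.
    return [f"{html.escape(s)}: {html.escape(b)}"
            for s, b in db.execute("SELECT sender, body FROM sms ORDER BY rowid")]

SAMPLE = [  # constructed sample input, not captured traffic
    (b"+919000000001", b"Recharge offer: 1GB free"),
    (b"+919000000002", b'<a href="http://example.invalid/offer">Update dialer</a>'),
    (b"+919000000003", b"\xff\xfe broken encoding"),
    (b"+919000000004", b"A" * 10000),
]
```

Running `ingest(sqlite3.connect(":memory:"), SAMPLE)` stores the first two messages and skips the undecodable and oversized ones; `render` then shows the hyperlink message as inert text.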

Pierluigi Paganini

(Security Affairs  USB Internet Modems vulnerability,  hacking)

 

