Categories: Hacking, Security

USB Internet Modems vulnerability exposes Millions of PCs

The Indian security expert Rahul Sasi has found a vulnerability in USB Internet modems that could let an attacker gain a Meterpreter shell, or full access to the victim's computer, simply by sending an SMS.

The Indian security expert Rahul Sasi announced that he has found a vulnerability in USB Internet modems that could allow an attacker to execute malicious code remotely simply by sending an SMS to the victim.

USB Internet modems (3G dongles) are a category of modem that connects a computer to the Internet through a GSM/CDMA network: the modem plugs into a USB port and presents a point-to-point (PPP) dial-up link to the user's PC.

The researcher told The Hacker News that by exploiting the vulnerability he could compromise computers remotely, obtaining a Meterpreter shell or full access to the victim's machine.

Sasi pointed out that the vulnerability lends itself to large-scale attacks: each modem is reachable at a phone number, the numbers assigned to a given vendor's modems fall within a particular series, and each series ships with a specific version of the dialer software. An attacker who knows which series carries a vulnerable version can simply send the payload to every number in that range.

All local Indian modem vendors (e.g. Idea, Reliance, Tata) are exposed to the vulnerability, and no patch has yet been released to fix it.

How is an attack via SMS possible?

Rahul Sasi explained in his post that USB Internet modems ship with dialer software that includes an interface for reading and sending SMS messages from the PC.

“These devices are supplied with dialer software either written by the hardware manufacturer or by the mobile supplier. They also come bundled with a device driver. One of the interesting features added to this dialer software is an interface to read/send SMS from your computer directly. This is mainly done for sending promotional offers and advertising. These SMS modules added to the dialers simply check the connected USB modem for incoming SMS messages, and if any new message is found it is parsed and moved to a local sqlite database, which is further used to populate the SMS viewer. The device drivers, which come by default with these devices [the devices present a CDFS file system that has the software on it], are installed on the host system; they usually provide interrupt handling for the asynchronous hardware interface.” Sasi explained.

This type of attack cannot be blocked by defenses such as a host or network firewall: the SMS arrives over the GSM/CDMA radio link directly into the modem and is handed to the dialer software, so it never traverses the IP path that a firewall inspects.

Proof of concept –  code execution via SMS payloads

When the modem receives an SMS, the parser in the dialer software reads the message content, running as a privileged user, and stores the result in the local database. A crafted message that triggers a flaw in that parser therefore lets an attacker execute a malicious payload delivered entirely over SMS, with the privileges of the dialer.

Under this attack scheme the victim only needs to be online, with the modem plugged in and the dialer running, when the malicious message arrives.

Denial-of-service attack exploiting the USB Internet Modems vulnerability

The researcher also highlighted a denial-of-service variant: sending large numbers of malformed SMS messages overwhelms the SMS parser, and each time the dialer software receives such a message it crashes, dropping the user's Internet connection. Because the attacker needs only a list of phone numbers, one sender can knock many users offline at once.

“One such attack would be of great fun and profit. Imagine someone sending 1000 users, ranging from mobile no. 9xxxxxx000 – 9xxxxxx999, a malformed SMS; in one such case you could knock all the online users offline instantly. Since the guaranteed bandwidth is shared among multiple users you now have the advantage of fewer users using the Internet, so probably better speed for us [evil].”

The phishing variant

The same SMS path can also be used for phishing, as the researcher describes:

“These devices parse and display HTML hyperlinks in SMS contents, so phishing-based attacks can also be triggered via SMS. So there are chances you can see phishing attacks that might come in the form of an SMS asking users to download malware to their computer; the following video will explain one such attack.”
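The three problems the article describes (a parser that runs with privilege over radio-delivered content, malformed messages that crash it, and a viewer that renders HTML links from the message body) all sit on the same path: poll the modem for new SMS, parse each one, store it in the local sqlite database, display it. The following Python model of that path is an added illustration written for this page; it is not Rahul Sasi's code nor any vendor's dialer. The AT+CMGL text-mode listing format is the real one from the GSM AT command set, but the response below is constructed, and the defects in the naive version (unvalidated header fields, SQL built by string formatting, the body handed to the viewer as HTML) are hypothetical examples of the bug classes such a parser can carry, not the specific flaw reported here.

```python
"""Model of a USB-modem dialer's SMS ingestion path: poll (AT+CMGL), parse,
store in sqlite, render in the viewer. Added example, not any real dialer's code."""
import html
import re
import sqlite3

# Constructed AT+CMGL listing in GSM text mode. Each record is a header line
#   +CMGL: <index>,<stat>,<oa>,[<alpha>],<scts>
# followed by one body line. Numbers, timestamps and bodies are made up.
CONSTRUCTED_CMGL_RESPONSE = (
    '+CMGL: 1,"REC UNREAD","+919900000001",,"13/08/23,10:15:42+22"\r\n'
    "Your plan has been renewed.\r\n"
    '+CMGL: 2,"REC UNREAD","+919900000002",,"13/08/23,10:16:01+22"\r\n'
    'Dialer update: <a href="http://example.invalid/dialer.exe">click here</a>\r\n'
    '+CMGL: 3,"REC UNREAD","+919900000003",,"13/08/23,10:16:30+22"\r\n'
    "Don't miss today's offer\r\n"
    '+CMGL: abc,"REC UNREAD"\r\n'               # malformed: non-numeric index, missing fields
    "body of the malformed record\r\n"
    "OK\r\n"
)

# Strict shape of a well-formed header; anything else is rejected, not guessed at.
HEADER_RE = re.compile(
    r'^\+CMGL: (?P<index>\d+),"(?P<stat>[A-Z ]+)","(?P<oa>\+?\d{1,20})",[^,]*,"(?P<scts>[^"]+)"$'
)
MAX_BODY = 1600  # assumption: upper bound for a reassembled concatenated SMS

def split_records(response):
    """Yield (header_line, body_line) pairs from a CMGL listing."""
    lines = response.split("\r\n")
    i = 0
    while i < len(lines):
        if lines[i].startswith("+CMGL:"):
            yield lines[i], (lines[i + 1] if i + 1 < len(lines) else "")
            i += 2
        else:
            i += 1

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inbox (idx INTEGER, sender TEXT, received TEXT, body TEXT)")
    return db

def naive_ingest(db, response):
    """Careless ingestion: trusts every field and builds SQL by formatting.
    A bad header (ValueError/IndexError) or an apostrophe in a body
    (sqlite3.OperationalError) raises and takes the whole dialer down."""
    for header, body in split_records(response):
        fields = header[len("+CMGL: "):].split(",")
        idx = int(fields[0])
        sender = fields[2].strip('"')
        db.execute("INSERT INTO inbox VALUES (%d, '%s', '%s', '%s')" % (idx, sender, "", body))
    db.commit()

def hardened_ingest(db, response):
    """Treat everything from the radio as untrusted: validate the header against a
    strict pattern, bound the body, use a parameterized insert, and skip malformed
    records instead of dying. Returns (stored, rejected)."""
    stored = rejected = 0
    for header, body in split_records(response):
        m = HEADER_RE.match(header)
        if m is None or len(body) > MAX_BODY:
            rejected += 1      # would be logged; one bad message must not drop the connection
            continue
        db.execute("INSERT INTO inbox (idx, sender, received, body) VALUES (?, ?, ?, ?)",
                   (int(m["index"]), m["oa"], m["scts"], body))
        stored += 1
    db.commit()
    return stored, rejected

def naive_render(body):
    """Viewer that shows the body as HTML: an <a href> in the SMS becomes a live link."""
    return "<p>%s</p>" % body

def hardened_render(body):
    """Viewer that shows the body as text: any markup in the SMS is displayed literally."""
    return "<p>%s</p>" % html.escape(body, quote=True)

def fetch_bodies(db):
    return [row[0] for row in db.execute("SELECT body FROM inbox ORDER BY idx")]

def run_naive():
    """Ingest the constructed listing the naive way; return the crashing exception's name."""
    db = open_db()
    try:
        naive_ingest(db, CONSTRUCTED_CMGL_RESPONSE)
    except (ValueError, IndexError, sqlite3.OperationalError) as exc:
        return type(exc).__name__
    return None

def run_hardened():
    """Ingest the same listing the hardened way; return counts and stored bodies."""
    db = open_db()
    stored, rejected = hardened_ingest(db, CONSTRUCTED_CMGL_RESPONSE)
    return {"stored": stored, "rejected": rejected, "bodies": fetch_bodies(db)}

if __name__ == "__main__":
    print("naive parser died with:", run_naive())
    result = run_hardened()
    print("hardened parser stored %d, rejected %d" % (result["stored"], result["rejected"]))
    print("naive viewer   :", naive_render(result["bodies"][1]))
    print("hardened viewer:", hardened_render(result["bodies"][1]))
```

On the constructed listing the naive path dies on the third message (the apostrophe in "Don't" breaks the formatted SQL) before it even reaches the malformed header, which is exactly the "one bad SMS drops the connection" failure the article describes; the hardened path stores the three well-formed records, rejects the malformed one, and shows the phishing message's `<a href>` as inert text rather than a clickable link. The remaining mitigation, running the dialer's SMS module without elevated privileges, is a deployment choice rather than something a parser can fix.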

All local Indian vendors of USB Internet modems (Idea, Reliance, Tata and others) are affected. Millions of active modems, and the computers they are plugged into, remain exposed because the vendors have never shipped a fix through the “Online Update” option available in the dialer software.

Rahul Sasi has already reported the details of the flaw to the vendors and manufacturers; its impact could be devastating.

Pierluigi Paganini

(Security Affairs  USB Internet Modems vulnerability,  hacking)
