3G/4G modems continue to be vulnerable

Researchers have conducted a series of tests on popular 3G/4G mobile modems (data dongles) and routers discovered an impressive number of serious flaws.

Sometimes old news came back threatening our cyber security, all because 3G/4G dongles keep in being as vulnerable as they were in the past.

In the last report issued by the SCADA Strangelove team, the authors demonstrated that 3G/4G dongles are vulnerable to several attacks, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and integrity attacks.

The experts tested a wide range of attacks against these devices, including SIM card cloning, data interception, subscriber location, device identification, code injection, PC infection, access to user accounts on the operator’s website, and APT attacks.

The SCADA Strangelove team tested devices from various vendors, such as Huawei (two different modems and a router), Gemtek (a modem and a router), Quanta (two modems) and ZTE (one modem)

The results are disconcerting, a significant number of vulnerabilities were found in this equipment:

Researchers collected data in a week, the explained that is quite simple to verify them using Shodan and querying for “mini_httpd/1.19 19dec2003 /html/index.html“.

We will not enter in details of the attacks (or it would be a long article) for this reason I suggest you to read the report, instead I prefer to share with you the results of the tests:

5 devices were vulnerable to Remote Code Execution
6 devices were vulnerable to Integrity attacks
5 devices were vulnerable to Cross-Site Request Forgery
4 devices were vulnerable to Cross-Site Scripting

In the next table are reported the attacks carried out by the experts:

Summarizing, Huawei modems with the most recent firmware updates are the ones with a better layer of security … there is still much to do with 3G/4G dongles.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – hacking, modems)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.