
USB Internet Modems vulnerability exposes Millions of PCs

Pierluigi Paganini August 18, 2013

The Indian security expert Rahul Sasi found a USB Internet Modems vulnerability that could allow an attacker to gain a Meterpreter shell or full access to the victim just by sending an SMS.

The Indian security expert Rahul Sasi announced that he has found a USB Internet Modems vulnerability that could allow an attacker to execute malicious code remotely simply by sending an SMS to the victim.

USB Internet Modems are a category of modem that allows access to the Internet through a connection to a GSM/CDMA network; they attach via a USB port and create a PPPoE (Point-to-Point Protocol over Ethernet) interface to the user’s PC.

The researcher reported to “The Hacker News” team that by exploiting the USB Internet Modems vulnerability he could hack computers remotely to gain a Meterpreter shell or full access to the victim’s computer.

The Indian researcher revealed that the USB Internet Modems vulnerability could be used on a large scale, considering that modems respond to phone numbers that lie in a particular series. Each series of modems is equipped with a specific version of the USB modem software.

All local Indian modem vendors (e.g. Idea, Reliance, Tata) are exposed to the risk of exploitation of the USB Internet Modems vulnerability; no patch has yet been released to fix it.

How is an attack via SMS possible?

Rahul Sasi explained in his post that USB Internet Modems have a built-in dialer software that has an interface to read and send SMSs.

“These devices are supplied with dialer software either written by the hardware manufacturer or by the mobile supplier. They also come bundled with device driver. One of the interesting features that are added to these dialer software is an interface to read/send SMS from your computer directly. This is mainly done for sending promotion offers and advertising. These SMS modules added to the dialers, simply check the connected USB modem for incoming SMS messages, and if any new message is found it’s parsed and moved to a local sqlite database, which is further used to populate the SMS viewer. The device driver, which comes default with these devices [devices are in CDFS file systems that have the software in it] are installed on the host system, they usually provide interrupt handling for asynchronous hardware interface.” Sasi explained.

This type of attack could not be detected by defense mechanisms such as a firewall because the SMS is received over a direct connection based on GSM/CDMA. 

Proof of concept –  code execution via SMS payloads

USB Internet Modems vulnerability POC

When an SMS is received by the modem, the parser in the dialer software reads the content of the message, parsing it as a privileged user and storing the output in the local database; an attacker could exploit this process to execute malicious payloads sent via SMS.

According to the attack scheme, a victim could be hit simply by being online when a malicious payload is received.

DDoS attack exploiting the USB Internet Modems vulnerability

The researcher also highlighted the possibility of saturating the parser’s capacity for SMS analysis by sending huge quantities of malformed SMS messages, causing a DDoS: every time the dialer software receives such a message it crashes, interrupting the Internet connection.

“One such attack would be of great fun and profit. Imagine someone sending 1000 users ranging from mobile no 9xxxxxx000 – 9xxxxxx999 with a malformed SMS, in one such case u could knock all the online users offline instantly. Since the guaranteed bandwidth is shared among multiple users you now have the advantage of less users using the Internet, so probably better speed for us [evil].”

The phishing variant

Of course, there is also the possibility of conducting a phishing attack exploiting the USB Internet Modems vulnerability, as described by the researcher:

“These devices parse display HTML hyperlinks in sms contents, so phishing based attacks can also be triggered via sms. So there are chances you can see Phishing attacks that might come in the form of an SMS asking users to download a malware to their computer, the following video will explain one such attack.”

USB Internet Modems vulnerability POC phishing
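The article describes a pipeline in which the dialer parses each incoming SMS, stores it in a local SQLite database and shows it in a viewer that renders hyperlinks. The following is an added defensive sketch of that pipeline, not code from the researcher or from any vendor's dialer; the schema, the function names, the size cap and the assumption that the driver hands over UTF-8 bytes are all hypothetical.

```python
import html
import re
import sqlite3

MAX_SMS_BYTES = 1600                          # assumed cap for a concatenated SMS
SENDER_RE = re.compile(r"\+?[0-9]{3,15}")     # assumed sender format (digits only)

def open_store(path=":memory:"):
    """Create the local message store (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sms (sender TEXT, body TEXT)")
    return db

def ingest_sms(db, sender, raw):
    """Validate one inbound message; return True if stored, False if dropped.

    Malformed input is rejected rather than raising, so a single bad
    message cannot crash the dialer and interrupt the connection.
    """
    if not isinstance(raw, (bytes, bytearray)) or not 0 < len(raw) <= MAX_SMS_BYTES:
        return False
    if not isinstance(sender, str) or not SENDER_RE.fullmatch(sender):
        return False
    try:
        body = bytes(raw).decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    # Drop messages carrying control characters other than newline and tab.
    if any(ord(c) < 0x20 and c not in "\n\t" for c in body):
        return False
    # Parameterized insert: message content is stored as data, never as SQL.
    db.execute("INSERT INTO sms (sender, body) VALUES (?, ?)", (sender, body))
    db.commit()
    return True

def render_for_viewer(db):
    """Return rows escaped for an HTML-based viewer so links stay inert text."""
    rows = db.execute("SELECT sender, body FROM sms ORDER BY rowid").fetchall()
    return [(html.escape(s), html.escape(b)) for s, b in rows]

if __name__ == "__main__":
    store = open_store()
    # Constructed sample messages, not captured traffic.
    samples = [("+919000000001", b"Your balance is low"),
               ("+919000000001", b"\xff\xfe\x00bad"),
               ("+919000000002", b'<a href="http://example.invalid/x">Click</a>')]
    for number, payload in samples:
        print(number, ingest_sms(store, number, payload))
    print(render_for_viewer(store))
```

Running the parsing step in an unprivileged process, rather than as the privileged user the article mentions, limits what a parser fault can reach.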

All local Indian vendors of USB Internet Modems, i.e. Idea, Reliance, Tata etc., are also vulnerable to this attack. Millions of such active modems/systems are vulnerable to cyber attack, since vendors never provided any patch for users via the “Online Update” option available in the software.

Rahul Sasi has already reported the details of the flaw to vendors and manufacturers; its impact could be devastating.

Pierluigi Paganini

(Security Affairs  USB Internet Modems vulnerability,  hacking)

 

