Your 3G and 4G modems can be exploited by hackers using a 0-day flaw to spy on you
The 3G or 4G modem you use to connect to the Internet can be used by hackers to intercept your HTTP and SMS traffic. Russian security tester Timur Yunusov has found critical vulnerabilities in routers and 3G and 4G modems from Huawei, ZTE, Gemtek, and Quanta.
The zero-day was first noticed in December 2015 but demonstrated by Yunusov yesterday at the Nullcon conference in Goa. Yunusov proceeded to reveal flaws in eight 3G and 4G modems.
A query on the Internet of Things vulnerability testing search engine, Shodan allowed him to find more than 42,000 vulnerable devices exposed on the web. Yunusov said that he could find as many as 2800 Gemtek modems and routers and 1250 from Quanta and ZTE with the unpatched flaw.
“All the modem models investigated had critical vulnerabilities leading to complete system compromise,” Yunusov told The Register. “Virtually all the vulnerabilities could be exploited remotely.
“Not all the modems had vulnerabilities in their factory settings; some of them appeared after the firmware was customised by the service provider,” he added.
Yunusov also added that all the devices he tested, lacked cross-site request forgery protection that combined with a lack of filters meant 60 percent were exposed to remote code execution.
During research he found that modems made by Gemtek, Huawei and Quanta devices could be hacked by uploading arbitrary firmware on the units allowing to completely compromise them. Out of eight modems, Yunusov tested, four modems could be hacked using cross-site scripting vulnerabilities. These vulnerabilities could be used to remotely infect the victim’s PC and intercept HTTP and SMS traffic.
