The security tester Timur Yunusov has found critical vulnerabilities in routers and 3G and 4G modems from Gemtek, ZTE, Huawei and Quanta. Due to these flaws, cyber criminals could fully compromise virtual machines and intercept SMS and HTTP traffic from the devices.
The research, which Yunusov first detailed in December and showcased to hackers yesterday at the Nullcon conference in Goa, revealed unpatched flaws in eight devices, thousands of which were exposed over the Shodan device search engine.
The security researcher found some 2800 Gemtek modems and routers and 1250 from Quanta and ZTE exposed over Shodan.
“All the modem models investigated had critical vulnerabilities leading to complete system compromise,” Yunusov claims. “Virtually all the vulnerabilities could be exploited remotely.”
“Not all the modems had vulnerabilities in their factory settings; some of them appeared after the firmware was customized by the service provider.”
According to Yunusov, almost all devices lacked cross-site request forgery protection, which, combined with a lack of filters, meant 60% were exposed to remote code execution.
Three of the devices sported defences against firmware modifications, though each of these could be compromised and undermined.
Four of the eight modems and routers contain cross-site scripting vulnerabilities permitting infection of hosts and SMS interception for dedicated attackers who put in extra effort to locate targets.
The tester provided examples of how to exploit the vulnerable devices including how to own connected computers.
“If we penetrate a modem … infecting a PC connected to it provides us with many ways to steal and intercept the PC user’s data,” the tester explains.
Some time ago, Timur Yunusov and his team found nasty holes in popular modem kit, including holes in Huawei devices which let hackers compromise connected virtual machines.