Security researchers have discovered a flaw in a popular Huawei LTE modem that could have allowed hackers to remotely execute code and launch DoS attacks to hijack devices.
The flaws, since patched by Huawei, affect its E3272 USB modem, which retails for £75. According to researchers Timur Yunusov and Kirill Nesterov of Positive Technologies, the vulnerabilities allow an attacker to send a malicious packet to the modem This then leads to a DOS attack and remote arbitrary code execution via an XSS attack or stack overflow.
“By exploiting detected flaws, an intruder can gain rights on a remote modem, take control over the computer connected to the vulnerable modem, and obtain access to the subscriber's account in the mobile operator's portal. Moreover, attacks on SIM cards via binary SMS messages allow an attacker to intercept and decrypt a subscriber's traffic, track his or her location, and block the SIM card,” the researchers said in a blog post.
The flaw only came to light this month with patching happening in August. The security researchers had found the bugs when undertaking large-scale research on flaws in 4G USB modems both in software and firmware.
In a security bulletin, Huawei said a hacker could “send a malicious packet to the Common Gateway Interface (CGI) of target device and make it fail while setting port attribute, which cause a DoS attack.”
In as statement to SCMagazineUK.com, a spokeswoman for Huawei said that the vulnerability was addressed in our online Security Advisory last week.” Customers can contact Huawei Technical Assistance Centre to request the upgrade. We welcome any feedback on vulnerabilities and have a very clear process for reporting and responding to them,” she added.
The researchers said that this was not the first time they had uncovered flaws in telecoms equipment. The researchers said that in January 2015, Evgeny Stroev issued a report on severe SNMP vulnerabilities in network equipment produced by Huawei and H3C. Those vulnerabilities allowed penetrating a corporate network of any company, including a technological network of a mobile carrier.
Research, carried out by Dmitry Kurbatov, Sergey Puzankov, and Pavel Novikov in February 2015, revealed that some 2G and 3G mobile networks could be accessed via the internet because of open GTP ports and other open data transfer protocols (FTP, Telnet, HTTP). An attacker can connect to the node of a mobile network operator by exploiting vulnerabilities (for example, default passwords) in these interfaces, the researchers said.
Gavin Reid, vice president of threat intelligence at Lancope, told SCMagazineUK.com that the vulnerability impacts USB inserted modems and their supporting operating system. “While important to be fixed, some of the severity is lessened by the fact you need to be logged into the PC the device is using to exploit this vulnerability,” he said.
Reid added that this highlights the need for vendors to take ownership, test end-end and ensure the security all of the software supporting their devices and not just the stuff they coded. “Similarly the need for well-tested shared APIs and code that can be reused by all would be foundation against these types of attacks.”
Dave Larson, CTO at Corero Network Security, told SCMagazineUK.com that the danger with distributed denial or service attacks is that there are countless devices, servers, applications and so on that are vulnerable to being exploited as an attack vehicle. “These Huawei modems are merely the latest to be exploited,” he said.
“If you combine this reality with the ever increasing bandwidth available for dispersing attack traffic, it becomes clear that more new attack vectors, like this one, will be developed,” said Larson. “Mobile operators are becoming more aware of this challenge and how mobile networks can be leveraged to amplify this threat. Defeating DDoS in a mobile environment is critical and should be considered a significant component of an operator's layered security strategy.”