Security vulnerabilities in 3G modems

Vulnerabilities in the modems that took part in the test could allow a remote attacker to take complete control of the device. They are described below in order of severity:

1. Remote code execution vulnerability

There are three main reasons for this vulnerability: the web servers in these products are built on simple CGI scripts that do not filter input properly; the modems need to use the file system to send AT commands, read and write SMS messages, and configure firewall rules; and there is no CSRF protection, so an attacker can execute code remotely with the help of social engineering and requests from a malicious website. As a result, 60% of the modems have remote code execution vulnerabilities. (Only some of the Huawei vulnerabilities have been announced; the rest are still 0-day vulnerabilities.)

2. Integrity vulnerability

Three of the modems are equipped with firmware tamper protection. Two of them use the same integrity-checking algorithm, under which an attacker can still modify the firmware by injecting code. The third only encrypts its firmware with RC4, and an attacker can extract the encryption key and determine the encryption algorithm in order to change the firmware.

Three of the modems have no integrity protection mechanism at all, and firmware upgrades require local access to the COM interface.

The last two must be upgraded via the carrier's network using FOTA (firmware over-the-air, a technology for downloading software upgrades to mobile terminals).

3. Cross-site request forgery vulnerability

Cross-site request forgery attacks are mainly used to remotely upload modified firmware and complete code injection. Using a unique token for each request is an effective way to prevent such attacks.
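One way to implement the per-request token described above, as an added example that is not code from the original article or from any modem vendor. The class, the handler and the `csrf_token` and `firmware` form fields are assumptions made for illustration.

```python
import hmac
import secrets
import time
from collections import OrderedDict


class PerRequestCsrfTokens:
    """Single-use anti-CSRF tokens, each bound to one session (hypothetical helper)."""

    def __init__(self, ttl_seconds=300, max_pending=64, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max = max_pending          # bounded: embedded devices have little RAM
        self._clock = clock
        self._pending = OrderedDict()    # token -> (session_id, expiry)

    def issue(self, session_id):
        """Create the token to embed in the page that submits one state-changing request."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = (session_id, self._clock() + self._ttl)
        while len(self._pending) > self._max:
            self._pending.popitem(last=False)   # drop the oldest unused token
        return token

    def consume(self, session_id, token):
        """Return True only for an unexpired token on first use by its own session."""
        # Pop before any other check so a token can never be submitted twice.
        entry = self._pending.pop(token, None) if isinstance(token, str) else None
        if entry is None:
            return False                 # missing, unknown, already used, or evicted
        owner, expiry = entry
        same_session = hmac.compare_digest(owner.encode(), session_id.encode())
        return same_session and self._clock() <= expiry


def handle_firmware_upload(tokens, session_id, form):
    """Gate for a state-changing endpoint; returns an HTTP status code."""
    if not tokens.consume(session_id, form.get("csrf_token")):
        return 403                       # forged, replayed or cross-session request
    # Assumption: a real handler would verify and store form["firmware"] here.
    return 200
```

A request generated by a third-party page carries the session cookie but cannot read the token out of the modem's own pages, so it is rejected before the upload is processed.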

4. Cross-site scripting vulnerability

Attacks that exploit cross-site scripting vulnerabilities can range from host infection to SMS message interception. The research focused on firmware uploads that get past anti-CSRF checks and the same-origin policy.

