Mobile broadband modems are 'easy to attack,' says researcher


LAS VEGAS--Mobile broadband modems, used by business travelers and others to get 4G speeds on their laptops, are vulnerable to web-based attack, warned Andreas Lindh, security analyst with ISecure Sweden, during a session at the Black Hat security conference.

Mobile broadband modems, also known as USB modems, are "easy to attack" because vendors share their code.

"If you can get an attack working on one device, there is a pretty good chance that attack will work on other devices," Lindh said.

The USB modem market is dominated by two vendors--Huawei and ZTE--which together control 80 percent of the market, according to stats from Strategy Analytics cited by Lindh.

USB modems run embedded Linux, have Web interfaces and do not require authentication, making them susceptible to intrusion.

Attackers have three primary attack vectors: configuration attacks, functionality abuse and injection attacks.

One type of configuration attack is called domain name system (DNS) poisoning, which is the "corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address," according to TechTarget's Margaret Rouse.

Modems come with a default connection profile, Lindh explains. An intruder can use a cross-site request forgery (CSRF) attack to add a new profile, replacing the default profile, without the user's knowledge. Then he could gain backdoor access to any device connected to the laptop.

"This is an easy and powerful attack," opined Lindh.

A type of functionality abuse is launching a CSRF attack to make the modem send SMS messages to a premium number operated by the attacker.
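Both CSRF scenarios above depend on the modem's web interface acting on any request a browser delivers. The following is an added example, not taken from Lindh's talk or from any vendor's firmware, of the server-side check that refuses such requests; the admin origin, the `X-CSRF-Token` header and the function names are hypothetical.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical values: the article names no host, path or header for any modem.
ADMIN_ORIGIN = "http://192.168.1.1"   # constructed origin of the modem's admin UI
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_session_token() -> str:
    """Random per-session token that the admin UI embeds in its own forms."""
    return secrets.token_urlsafe(32)


def origin_of(headers: dict) -> Optional[str]:
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def allow_request(method: str, headers: dict, session_token: Optional[str]) -> bool:
    """Decide whether the admin UI should act on this request."""
    if method.upper() not in STATE_CHANGING:
        return True    # reads do not change profiles or send SMS
    if session_token is None:
        return False   # no authenticated session: refuse every change
    if origin_of(headers) != ADMIN_ORIGIN:
        return False   # request was submitted by a page on another site
    supplied = headers.get("X-CSRF-Token", "")
    # Constant-time comparison against the token issued to this session.
    return hmac.compare_digest(supplied.encode(), session_token.encode())
```

A page on another site cannot read the session token, and the browser sets `Origin` itself, so a forged profile change or SMS request fails both checks.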

Lindh explained that he informed the vendors about the vulnerabilities. Unfortunately, vendors can't push fixes directly to end users but must go through the carriers. As a result, "most devices will never get patched," he lamented.

For more:
- read Margaret Rouse's explanation on cache poisoning
