back to article 0day remote code exec holes in mobile modems can read SMS and HTTP

Russian security tester Timur Yunusov has found critical vulnerabilities in routers and 3G and 4G modems from Huawei, ZTE, Gemtek, and Quanta. The flaws mean attackers could completely compromise machines and intercept SMS and HTTP traffic. The research first detailed in December and showcased to hackers yesterday at the …

  1. mof
    Unhappy

    No worries. We'll just patch it. oh. Wait a sec....

    Don't all operators sell re-badged routers and 3G/4G modems from Huawei, ZTE, Gemtek, and Quanta?

    I'm sure there must be an easy way to patch these.

    Oh. Wait a sec...

    Now I'm sad.

  2. Christian Berger

    Well that's just a scratch on the surface...

    ... those modems are also connected via radio to mobile phone networks. Those are _extremely_ complex protocols implemented by very few companies with no security audits at all. So it's very likely that your modem can be compromised with a fake base station.

    Such an exploit would be highly valuable as you can make it exploit a large chunk of the market, as those chipsets all run more or less the same code, probably even the same binary code. While on PCs you are still limited by what you can do via USB, on smart phones you have direct access to the RAM of your "Application Processor".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022