back to article Patch for EE's 4G Wi-Fi mini modem nails local privilege escalation flaw

Telco EE's Mini Wi-Fi modem needs to be updated with a recently issued patch. A local privilege escalation vulnerability in the Alcatel-manufactured tech, discovered by ZeroDayLab, could be used to plant malware or steal info from Windows computers that use the kit for internet connectivity, the researchers warned. This …

  1. Crazy Operations Guy

    "a minor security issue"

    If a trivial flaw that allows anyone to run code with kernel-level permissions is a 'minor issue', I have to wonder what they'd consider 'major'. Like, what, does it have to somehow spawn arms and stab the user to death before burning down their house?

    1. Cuddles

      Re: "a minor security issue"

      "does it have to somehow spawn arms and stab the user to death before burning down their house?"

      It's the problem of using a scale that needs to accommodate things like this at one end, and the Samsung Note at the other.

  2. Anonymous Coward
    Anonymous Coward

    "Minor" because if you leave your laptop and/or any of your USB devices unattended in a public place, you are pretty much toast anyway.

    In the simplest case: someone could replace the USB dongle with something completely different and malicious but which looks the same from the outside. No software patch is going to protect against that.

    1. Crazy Operations Guy

      You don't need to leave it in a public place, this flaw could be exploited by someone that is normally allowed to use the machine, but not trusted with anything more than guest access rights. Like, say a work laptop. The dongle doesn't even have to be installed, just the driver software, so not out of the realm of possibility for the software to be installed as part of a corporate-standard image, in which case all of them would be exploitable.

      The problem is that they set the driver's directory to give full permissions to the 'everyone' group, this even applies to the service executable, which runs at a security level that not even an enterprise admin has when logged in. (Essentially they set it to 777 and configured the daemon to run as root).

      Really, the only thing you need to do is run cp <Malicious executable> C:\Program Files (x86)\Web Connecton\BackgroundService.exe as anyone who can access the system, and now you have unfettered access to the entire system at next boot. Hell, this could even be embedded into a simple autorun script.

  3. Anonymous Coward

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like