Security vulnerabilities in 3G/4G modems can give an attacker complete control of the device - Vulnerability Warning - Black Bar Safety Net (黑吧安全网)

ID MYHACK58:62201569681
Type myhack58
Reporter 佚名 (anonymous)
Modified 2015-12-04T00:00:00


Security researchers recently found that cellular modems from four manufacturers contain cross-site scripting (XSS), cross-site request forgery (CSRF) and remote code execution (RCE) vulnerabilities, and are also exposed to firmware integrity attacks. The study was initiated by Positive Technologies and carried out with the SCADA Strangelove team; it covered modem products from Huawei, Gemtek, Quanta and ZTE. It focused on a problem common to many manufacturers: most of them build their products directly on the hardware vendor's reference code and often change nothing in it. Eight devices were tested (two Gemtek, two Quanta, one ZTE and three Huawei). Remote code execution was found on most of them, and every product except Huawei's could be loaded with malicious firmware.

(Figure 1: data on the tested products)

Vulnerability findings

The vulnerabilities in the tested modems allow a remote attacker to take complete control of the device. They are described below in order of severity.

1. Remote code execution

Three factors combine to produce this vulnerability: the products' web servers are built on simple CGI scripts that do not filter input properly; the modem's web interface needs file-system access in order to send AT commands, read and write SMS messages and configure firewall rules; and the products have no CSRF protection, so an attacker can have code executed on the modem by luring the user to a malicious web page (social engineering) whose requests are sent to the modem. As a result, about sixty percent of the modems are affected by remote code execution. Of these, only Huawei has officially published some of the vulnerabilities; the rest are still 0-day.

2. Integrity

Of these products, three have anti-tampering protection for the firmware. Two of them use the same integrity-check algorithm, and it is weak enough that an attacker can modify the firmware and inject code while still passing the check; the third only encrypts the firmware with RC4, and an attacker can extract the encryption key, identify the algorithm and then alter the firmware. Three other products have no integrity-protection mechanism at all, and a firmware upgrade on them requires local access to the COM (serial) interface. The last two can only be upgraded through the operator's network, using FOTA (firmware over-the-air) updates.

3. Cross-site request forgery

CSRF is used mainly to upload modified firmware remotely and so complete the code implantation. Using a unique token for each request is an effective defence against this attack.

4. Cross-site scripting

XSS has a very wide range of impact, from host infection to interception of SMS messages. In this study it mattered chiefly because it can be used to bypass the anti-CSRF checks and the same-origin policy that protect firmware upload.

Summary

With the vulnerabilities above, an attacker can determine the target's location, intercept and generate SMS messages and USSD requests, read HTTP and HTTPS traffic, attack the SIM card to intercept 2G traffic, and even spread a worm to sites and devices across the carrier's network. The study found that Huawei modems running the latest firmware are the most secure: operators are only allowed to add visual elements to the firmware and enable specific features, and vulnerabilities are fixed promptly.
Once any of these modem products is compromised, the whole network may be affected, so manufacturers must pay far more attention to product security during design and production.
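The following is an added example, not code from the Positive Technologies / SCADA Strangelove research or from any of the vendors named above. It models a modem's firmware-upload CGI endpoint in Python to show the two weaknesses described under items 2 and 3: an upload that accepts any request carrying a valid session cookie (so a hidden form on a malicious page can flash the device), and an unkeyed integrity check that an attacker simply recomputes after patching the image. Beside each is the hardened form: a per-request anti-CSRF token plus an Origin check, and a keyed HMAC over the image. The image layout, the admin origin, the token scheme and all request fields are assumptions made for illustration; no vendor's real format is implied.

```python
import hashlib
import hmac
import secrets
import zlib

# Assumed (hypothetical) image layout: a check value in front of the payload.
CRC_LEN = 4    # unkeyed CRC32
TAG_LEN = 32   # keyed HMAC-SHA256


def pack_image_crc(payload: bytes) -> bytes:
    """Unkeyed integrity check: anyone can recompute it, so it detects corruption, not tampering."""
    return zlib.crc32(payload).to_bytes(CRC_LEN, "big") + payload


def verify_image_crc(image: bytes) -> bool:
    return int.from_bytes(image[:CRC_LEN], "big") == zlib.crc32(image[CRC_LEN:])


def pack_image_hmac(payload: bytes, key: bytes) -> bytes:
    """Keyed integrity check: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def verify_image_hmac(image: bytes, key: bytes) -> bool:
    tag, payload = image[:TAG_LEN], image[TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())


def attacker_patch_crc(image: bytes, backdoor: bytes) -> bytes:
    """Attacker without any key: append code and recompute the public check. Verifier accepts."""
    return pack_image_crc(image[CRC_LEN:] + backdoor)


def attacker_patch_hmac(image: bytes, backdoor: bytes) -> bytes:
    """Same patch on the keyed layout: the old tag no longer covers the payload. Verifier rejects."""
    return image[:TAG_LEN] + image[TAG_LEN:] + backdoor


class FirmwareUploadHandler:
    """Minimal model of a modem's firmware-upload CGI. A request is a dict of the fields a
    real CGI script would read from the environment (cookie, Origin) and the POST body."""

    def __init__(self, image_key: bytes, admin_origin: str):
        self.image_key = image_key
        self.admin_origin = admin_origin             # e.g. "http://192.168.1.1" (assumed)
        self.tokens: dict[str, set[str]] = {}       # session id -> unused anti-CSRF tokens

    def issue_token(self, session_id: str) -> str:
        """Called when the upload form is rendered: a fresh, single-use token per request."""
        token = secrets.token_hex(16)
        self.tokens.setdefault(session_id, set()).add(token)
        return token

    def upload_vulnerable(self, request: dict) -> tuple[int, str]:
        """The pattern the article describes: a session cookie is the only check. The browser
        attaches that cookie to a form post from any site, so a malicious page can flash the modem."""
        if not request.get("cookie_session"):
            return 401, "login required"
        if not verify_image_crc(request["image"]):
            return 400, "image check failed"
        return 200, "flashing"

    def upload_hardened(self, request: dict) -> tuple[int, str]:
        sid = request.get("cookie_session")
        if not sid:
            return 401, "login required"
        # A cross-site form post carries the attacker's Origin, never the admin UI's.
        if request.get("origin") != self.admin_origin:
            return 403, "cross-origin request rejected"
        outstanding = self.tokens.get(sid, set())
        if request.get("csrf_token") not in outstanding:
            return 403, "missing, forged or reused anti-CSRF token"
        outstanding.discard(request["csrf_token"])  # single use: replay is rejected
        if not verify_image_hmac(request["image"], self.image_key):
            return 400, "image integrity check failed"
        return 200, "flashing"


def demo() -> dict:
    """Runs both handlers against constructed requests and returns the status codes / checks."""
    key = b"vendor-image-key (constructed)"
    handler = FirmwareUploadHandler(key, "http://192.168.1.1")
    legit = b"\x7fELF modem-firmware-v1 (constructed payload)"
    backdoor = b"\x90\x90/bin/telnetd -l /bin/sh"
    crc_img, hmac_img = pack_image_crc(legit), pack_image_hmac(legit, key)

    # CSRF: the user is logged in; the attacker's page posts a patched image to the modem.
    csrf_post = {"cookie_session": "s1", "origin": "http://attacker.example",
                 "image": attacker_patch_crc(crc_img, backdoor)}
    out = {"vuln_csrf": handler.upload_vulnerable(csrf_post)[0],
           "hard_csrf": handler.upload_hardened(csrf_post)[0]}

    # Legitimate upload from the admin UI with a fresh token, then a replay of the same request.
    good = {"cookie_session": "s1", "origin": "http://192.168.1.1",
            "csrf_token": handler.issue_token("s1"), "image": hmac_img}
    out["hard_good"] = handler.upload_hardened(good)[0]
    out["hard_replay"] = handler.upload_hardened(good)[0]

    # Integrity: the unkeyed check is forged by recomputation; the keyed check is not.
    out["crc_tampered_accepted"] = verify_image_crc(attacker_patch_crc(crc_img, backdoor))
    out["hmac_tampered_accepted"] = verify_image_hmac(attacker_patch_hmac(hmac_img, backdoor), key)
    return out


if __name__ == "__main__":
    print(demo())
```

The Origin check and the token are deliberately both present: the token alone is what the article recommends, but an XSS bug in the same interface (item 4) can read a token out of the page, so rejecting cross-origin posts and making every token single-use limits what a script injection can do. The HMAC stands in for whatever keyed or signature-based check a vendor would use; the point is only that a check the attacker can recompute without a secret, like the CRC here or the RC4 encryption whose key can be extracted, does not protect firmware integrity.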