Positive Technologies researchers Timur Yunusov and Kirill Nesterov have found since-patched remote execution and denial of service vulnerabilities in a popular Huawei 4G USB modem that can allow attackers to hijack connected computers.
The Huawei E3272 USB modem sells from about US$120 on Amazon.
Researchers say the vulnerabilities are exploitable through malicious packets sent to the device’s gateway, and through cross-site scripting (XSS) and stack overflow holes.
“By exploiting detected flaws, an intruder can gain rights on a remote modem, take control over the computer connected to the vulnerable modem, and obtain access to the subscriber’s account in the mobile operator’s portal,” the researchers say.
“Moreover, attacks on SIM cards via binary SMS messages allow an attacker to intercept and decrypt a subscriber’s traffic, track his or her location, and block the SIM card.”