Russian security researchers have discovered that most of the 3G and 4G USB modems/sticks produced by Chinese hardware manufacturers, provided by mobile operators and telcos to their subscribers are wide open to attacks.
According to the researchers who tested many 3G and 4G modem sticks obtained from various telcos over the past few months, USB sticks produced by chinese hardware manufacturers Huawei and ZTE pose serious security threat.
The security researchers, Nikita Tarakanov and Oleg Kupreev have already managed to show many ways to attack the modems through software vulnerabilities.
This is possible because many chinese-made modems are identical, and therefore its software is very similar. Thus one can make an image of the modem’s file system, alter it and save it back on the modem.
The researchers pointed out that it appeared surprisingly easy to modify the software with the help of free instruments available from Huawei and other developers. Since the configuration files stored on the modem are in plain text, they can be easily modified, thus allowing the attackers to reroute traffic to their servers and redefine DNS servers used for broadband connection.
Additionally, most modems are set to automatically update software from a single update server and malicious intruders could potentially compromise the source server and take over (control of) heaps of modems handed out by multiple carriers.
In Singapore, these USB modems/sticks are offered by most telcos, normally bundled into a subscription.
All mobile phone’s OS system files are hidden, not restricted in a 2 environment file system like Blackberry 10, it will not take a nerd to figure out how to access these files via the telco’s network, and access all your data, there is virtually no security for most of all mobile devices. Every manufacturer knows how easy to Root a mobile device, it is doing over the network I am not at a liberty to teach, or there will be widespread abuse.
– Contributed by Oogle.