Security 101 fail: 3G/4G modems expose control panels to hackers

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2014/01/30/3gmodem_security_peril/

By John Leyden
The Register
30th January 2014

Vulnerabilities in a number of 3G and 4G USB modems can be exploited to 
steal login credentials -- or rack up victims' mobile bills by sending 
text messages to premium-rate numbers -- a security researcher warns.

Andreas Lindh claims that all the devices he has looked at so far are 
managed via their built-in web servers and -- you guessed it -- are 
vulnerable to cross-site request forgery (CSRF) attacks. This means a 
malicious website visited by a victim can quietly and automatically access 
the USB modem's control-panel web page and tamper with the device.

Thus, a vulnerable gadget can be tricked into sending SMS messages over 
the mobile network to a miscreant-controlled premium-rate number. 
Similarly, a malicious web page could masquerade as a legit login page -- 
such as the account sign-in page for Twitter -- and covertly text the 
victim's intercepted username and password to the hacker.

Lindh demonstrated he was able to contain a counterfeit Facebook login 
page in a data URI hidden behind a TinyURL link, which could be sent to a 
victim by email or a social network: opening the data URI renders the 
bogus Facebook page in the browser, and when the user submits his or her 
username and password, some cunning JavaScript texts the credentials via 
the connected vulnerable USB modem.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/