Security researcher Andreas Lindh has disclosed the discovery of vulnerabilities in many 3G and 4G USB modems that leave targets vulnerable to cross-site request forgery (CSRF) attacks that could be used steal login credentials or commit fraud by running up victim’s phone bills.
Lindh says that the vulnerabilities could allow attackers to use fake websites designed to look like legitimate ones in order to capture usernames and passwords and send them via SMS back to the attacker, or send costly texts to premium rate numbers controlled by the attacker.
“I fairly quickly found a CSRF vulnerability that would allow me to make the modem send a text message to any number of my choosing, simply by having the user go to a website under my control,” Lindh said. “Unlike Wi-Fi routers, there is no login functionality for USB modems so I didn’t have to worry about bypassing authentication.”
Aside from SMS fraud that would benefit an attacker monetarily, the technique could be quite useful in spear-phishing attacks, according to one expert.
“It’s not hard to see how an attacker could turn this hack into a money-making scheme by having the modem send SMS messages to a premium rate number under their control,” Virus Bulletin’s Martijn Grooten said. “But it can also be used in a rather cunning spear-phishing attack, which would be especially useful given that these modems are mostly used by corporate customers.”
Oxford University’s David Rogers said the vulnerability is similar to the one in EE BrightBox routers recently disclosed by researcher Scott Helme, which would allow attackers remote access to the devices and exposed potentially sensitive information, such as an md5 hash of the device admin password ISP user credentials.
“Someone could grab someone else’s dongle and use it for free. We’ve heard a lot about backdoors in equipment as a result of the Snowden leaks but the main thing that’s going to affect people from this one is criminal. Fortunately the problem is easily fixed,” Rogers said.
Read More Here…