Huawei USB Modems Vulnerable.

Huawei has been accused of poor security practice by Russian researcher Nikita Tarakanov, who told Black Hat Europe last week that the vendor's 3G and 4G devices are vulnerable and its update server is a massive attack vector.

The update server in the Netherlands that Tarakanov tested probably isn't the only one used by Huawei, but he found it was running on the hoary code of Windows IIS 6.0 – a relic from Windows Server 2003. If the server were compromised, he said, an attacker could distribute a malicious update to millions of dongle users.

While the executable the USB keys run is signed, he says the modems' plaintext configuration files are another matter: they are easy to modify in ways that would point the modems to malicious software. Network World gives two examples: an attacker could change the DNS the modems use, pointing users to malicious websites; and a built-in anti-virus installer parameter could be modified to install malicious software.

There are also privilege escalation vulnerabilities under both Windows and OS X. According to The H Security, the latter vulnerability was a last-second addition to the presentation after iOS researcher Stefan Esser discovered and tweeted it from the conference: the Huawei OS X update app (ouc.app) has unrestricted access to /usr/local.

"Can anyone verify that the Telekom LTE Stick from Huawei makes /usr/local world writable on OSX? WTF?", Esser posted.

While the research was conducted in Russia, Tarakanov believes the vulnerabilities aren't specific to that country.
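
A defender's check for the condition Esser asks about, as an added example that is not part of the original article: the script lists world-writable directories and files under a root, defaulting to /usr/local. The function names and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a directory tree for
# world-writable entries. The default root is /usr/local, the path named
# in Esser's post; any other root can be passed instead.

# Print every world-writable directory or regular file under ROOT.
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" -xdev \( -type d -o -type f \) -perm -0002 -print 2>/dev/null
}

# Succeed if ROOT itself is a world-writable directory.
root_is_world_writable() {
    [ -n "$(find "$1" -prune -type d -perm -0002 -print 2>/dev/null)" ]
}

# Print findings with owner and mode; return 1 if anything was found.
audit() {
    root=$1
    findings=$(world_writable "$root")
    if [ -z "$findings" ]; then
        echo "OK: nothing world-writable under $root"
        return 0
    fi
    if root_is_world_writable "$root"; then
        echo "FAIL: $root itself is world-writable"
    fi
    # ls -ld shows mode and owner, which helps trace what changed them.
    echo "$findings" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Stand-alone use: sh audit.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then
    audit "${2:-/usr/local}"
    exit $?
fi
```

Running it before and after installing a vendor's modem software shows whether the installer changed the permissions.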