Russian security researcher Timur Yunusov discovered several vulnerabilities points κρίσιμης σημασίας (Zero Day) σε routers και modems 3G και 4G που χρησιμοποιούν συσκευές της Huawei, ZTE, Gemtek και Quanta. Οι vulnerabilities allow attackers to compromise devices with simple SMS but also via HTTP connections.
Η research and Zero Day were first detailed in December at hackers που παρακολούθησαν το συνέδριο Nullcon στην Γκόα και αποκάλυψαν τα un-patched κενά security from eight devices of the above companies.
Timur Yunusov, a consultant for Positive Technologies, discovered that Gemtek's Quanta and ZTE modems and routers are exposed to Shodan.
"All models contained critical vulnerabilities," says Yunusov. "Virtually all vulnerabilities could be exploited from afar."
Four of the eight modems and routers contain vulnerabilities cross-site scripting που επιτρέπουν τη μόλυνση του συστήματος, την υποtheft SMS and locate the victim.
“As long as we can penetrate one modem … μπορούμε να μολύνουμε και τον computer where the device is connected, which gives us many ways to intercept the computer's data.”
It should be mentioned that Yunusov and team showed us last year how an SMS could be used for an attacker to gain access to rail systems and derail trains.