Russian security researcher Timur Yunusov discovered quite a bit vulnerabilities of critical importance (Zero Day) on 3G and 4G routers and modems using Huawei, ZTE, Gemtek and Quanta devices. The vulnerabilities allow attackers to compromise devices with simple SMS but also via HTTP connections.
Η research and Zero Day were first detailed in December to hackers attending the Nullcon conference in Goa and revealed un-patched security holes from eight devices from the above companies.
Timur Yunusov, consultant of Positive Technologies, discovered that Gemtek, Quanta and ZTE modems and routers are exposed to Shodan.
"All models contained critical vulnerabilities," says Yunusov. "Virtually all vulnerabilities could be exploited from afar."
Four of the eight modems and routers contain vulnerabilities cross-site scripting that allow the infection of the system, the interception of SMS and the location of the victim.
"Since we can infiltrate a modem… we can also infect the computer to which the device is connected, which provides us with many ways to intercept computer data."
Let's say that Yunusov and his team showed us last year how an SMS could be used to get the attacker access to rail systems and derail trains.