3G and 4G USB Modems Are Security Threat, Black Hat Presenter Says

alphadogg writes "The vast majority of 3G and 4G USB modems handed out by mobile operators to their customers are manufactured by a handful of companies and run insecure software, according to two security researchers from Russia. Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented this week at the Black Hat Europe 2013 security conference in Amsterdam. Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators' logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said."

No suprise here

[fustakrakich]

Mandated backdoors aren't very well hidden. The only alternative for the authorities is to arrest the people who uncover them. Soon the 'blackhats' will have to meet in secret to protect themselves.

Tarakanov said that they weren't able to test baseband attacks against the Qualcomm chips found inside the modems because it's illegal in Russia to operate your own GSM base station if you're not an intelligence agency or a telecom operator. "We'll probably have to move to another country for a few months to do it," he said.

Re:No suprise here

I know.. AC here.. but I know Ericsson are performing tests on the Huawei / ZTE stuff in their labs with simulated and real GSM basestations.
Sometimes under contract from those companies themselves, sometimes for security reasons..

A couple of times the design specs Huawei sends to Ericsson when on contract are plagiarized right off their own stuff. Even so badly there are still Ericsson logos left over.

Re:No suprise here

[fustakrakich]

it'd be illegal pretty much everywhere and it isn't.

Well, it's certainly not for the lack of trying... I would say it's pretty straight up

Security Threat?

[Svartalf]

Seriously... I'm beginning to wonder about the quality of presentations at Black Hat if this was even there .

The modems themselves aren't a threat. It's the fact that many of them cart around drivers and "manager" applications which could provide storage based attack vectors or through compromised versions of the driver or manager that you have any problems... Unsurprising and already well known by most security researchers.

1) For many of those "security threat" modems, Linux works wonders as does *BSD as they support the devices out of box with OS provided support.
2) There's a panopoly of devices that don't expose the machines to any of these vectors that runs $50-150 provided by vendors such as Zoom and Cradlepoint (in fact, it's what I use since it allows the LTE dongle (that doesn't have these "risks" by the way...) be able to switch between 3G and 4G seamlessly (Linux supports both, but NetworkManager doesn't support switching gears between the differing ways both modes are accessed yet...). The devices either have their own battery or not but allow multiple (more than a MiFi type device does...) devices on the connection.
3) If you're wanting something with a few less moving parts and slightly more compact, you can always get a MiFi (which is what the Telcos are now leaning towards because it allows things like your Nook or Kindle to link up to the Internet as well as your notebook...).

I'd be ashamed of myself if I were to try to have ran this "issue" up the flagpole at BlackHat or DEFCON. Really, guys?

Search harder

[dutchwhizzman]

ZTE and Huawei products are in fact for sale in the USA and Europe as well. I don't know about South America, but I presume you can get them there as well. Maybe the major US telco's don't bundle ZTE or Huawei products with their 3G/4G offerings, but the hardware is for sale for certain. Several EU operators (notably Vodafone) bundle these products. Assuming that because you don't see the products in the USA they are only available in Russia is kind of short sighted, the world is more than just Russia and the bundled hardware you get in the USA, you know?

Evil modeswitching USB modems

[Compaqt]

Would this be the right place to complain about evil modeswitching USB modems?

Used to be when you got a piece of hardware, you'd get a CD with the drivers on it. Later on, somebody got the idea to include USB modem drivers right on the device itself, since it's USB anyway.

The way they implement this is to make the device into a USB Storage Device upon bootup. Then, depending on circumstances, it switches the mode to a USB modem.

This is evil because the protocol isn't totally well defined, and it usually works well only on a particular version of Windows.

Linux tries to cope, but it doesn't always work.

The article which is the subject of this thread just seems to confirm that these companies just make it up as they go along, and then pump out millions of copies of the same thing.

Re:So it's a "security threat"...

An attacker who manages to compromise this update server, can launch mass attacks against users from many operators

This attack is possible for any kind of software that uses an update server.

Re:Misleading Headline (go figure, its slashdot)

[m00j]

Here in Australia Huawei and ZTE modems seem to be the only thing available from the majority of providers. Certainly the three major carriers have them (or did six months ago when I last looked), and I haven't seen a non-Huawei or ZTE modem from any of the MVNO.

Perhaps because in the USA you have different frequency bands?