Most 3G and 4G USB modems distributed by wireless companies contain multiple software security issues, according to two Russian researchers, Nikita Tarakanov and Oleg Kupreev. In a presentation at the recent Black Hat Europe 2013 security conference in Amsterdam, Tarakanov and Kupreev explained that products made by Huawei and ZTE, which manufacture the majority of modems used in Russia and Europe, have multiple poorly secured configuration files, among other potential vulnerabilities.
The researchers found that it was easy to modify USB modems due to freely available backup tools that allow users to make an image of the file system, modify it and write it back onto the device, Network World reported. A computer running malware designed to take advantage of this feature could detect the model and customize the modem so that it would infect any computer it was plugged into.
The modems also contain the installer for a proprietary application that can be used to start, stop and manage the internet connection established through the modem, according to Network World. The configuration files for the installer and the application itself are stored in plain text, with modifiable settings that include the ability to define what DNS servers the modem should connect to. As a result, an attacker could point the modem to connect to malicious servers. Additionally, some of the configuration files in the installer point to an unused antivirus feature. An attacker could enable this feature to install a malware program every time the modem application was installed.
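A defender can catch the tampering described above by comparing the modem application's plain-text settings against a known-good copy. The following is an added example, not code from the researchers or the vendors; the INI-style layout, the section and key names, and the addresses are assumptions constructed for illustration, because the real file format is not given here.

```python
import configparser
import ipaddress

# Constructed samples: the real file layout is not documented on this page,
# so the INI format and every section/key name below are assumptions.
BASELINE = """
[Network]
dns_primary = 192.0.2.53
dns_secondary = 192.0.2.54
[Installer]
antivirus_enabled = 0
antivirus_path =
"""

MODIFIED = """
[Network]
dns_primary = 203.0.113.66
dns_secondary = 192.0.2.54
[Installer]
antivirus_enabled = 1
antivirus_path = setup\\av.exe
"""

def load(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {(s, k): v.strip() for s in cp.sections() for k, v in cp.items(s)}

def audit(baseline_text, current_text, allowed_dns):
    """Return findings for settings that differ from the known-good copy."""
    base, cur = load(baseline_text), load(current_text)
    allowed = {ipaddress.ip_address(a) for a in allowed_dns}
    findings = []
    for section, name in sorted(set(base) | set(cur)):
        old, new = base.get((section, name)), cur.get((section, name))
        if name.startswith("dns") and new:
            try:
                ok = ipaddress.ip_address(new) in allowed
            except ValueError:
                ok = False  # hostname or garbage where an IP is expected
            if not ok:
                findings.append(f"{section}.{name}: DNS server {new} not in allowlist")
        elif old != new:
            findings.append(f"{section}.{name}: changed {old!r} -> {new!r}")
    return findings

if __name__ == "__main__":
    for line in audit(BASELINE, MODIFIED, ["192.0.2.53", "192.0.2.54"]):
        print(line)
```

DNS entries are checked against an allowlist rather than only against the baseline, so a baseline that was itself captured after tampering does not silently pass.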
Another vulnerability, accidentally discovered by iOS and PHP expert Stefan Esser just in advance of the presentation, gives unrestricted write access to the /usr/local directory in Mac OS X when the modem's update component is installed, The H Security reported. The flaw would allow a malicious user to inject a program directly into the system directory.
A mass attack vector
The USB modems are also configured to query a central server in the Netherlands for updates every 15 minutes, the researchers noted. The server in question is running on Microsoft's Internet Information Server (IIS) version 6.0, which is part of Windows Server 2003. This outdated software could potentially be vulnerable to attack, and a hacker who compromised the server could then configure it to distribute malware to millions of users at once, Tarakanov noted.
Huawei representatives at the talk, who were not informed of the vulnerabilities beforehand, told heise Security that they had assumed the update server had adequate security. They said they would release updates to fix the issues as soon as possible.
Tarakanov also said that he didn't look for vulnerabilities in the actual modem drivers or in the firmware but noted that he suspected issues with both, Network World reported. To secure the application software packaged with devices, as well as the devices' embedded software, and to avoid putting large numbers of people at risk, organizations can use tools such as source code analysis software in their development process. With more secure coding, many software security issues can be eliminated in advance.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.