4G Router Vulnerabilities Let Attackers Take Full Control

upstart writes:

Submitted via IRC for SoyCow7671

4G Router Vulnerabilities Let Attackers Take Full Control

Multiple vulnerabilities were found by security researchers in 4G routers manufactured by several companies, with the flaws exposing users to information leaks and command execution attacks.

Pen Test Partners researcher 'G Richter' shared the flaws found in 4G devices during this year's DEF CON hacking conference, saying that "a lot of existing 4G modems and routers are pretty insecure."

"We found critical remotely-exploitable flaws in a selection of devices from variety of vendors, without having to do too much work," Richter said.

"Plus, there's only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places."

The worst part is that the security flaws were discovered after examining a limited set of 4G routers, covering the entire prices spectrum, from consumer-grade routers and dongles to very pricey devices designed to be used in large enterprise networks.

All the security flaws found were reported to the vendors who fixed most of the discovered issues before the Pen Test Partners report was published but, unfortunately, the disclosure process didn't go as smooth as expected.

Original Submission

Read more of this story at SoylentNews.