Exploiting The Vulnerabilities of LTE Wi-Fi Sharing Devices

Presented by: Andrew David

UNITEC Research Symposium 2020 Programme, Day 2

07th December 2020, Session 2 – 1.10pm to 2.30pm

Overview

1. Introduction
2. Our Focus
3. Analysis
4. Technical Details
5. Demonstration
6. Threats
7. Impact
8. Discussion
9. Conclusion
10. Recommendations
11. Questions and Answers

1. Introduction

2. Our Focus

USB 4G LTE modem router instead of smartphones

Careless usage approach towards other devices

Provide more insight into the vulnerabilities of Huawei E8372

Physical attack and exploitation of Huawei E8372

Backdoor and rooting of Huawei E8372

3. Analysis

Source: https://gs.statcounter.com/os-market-share/mobile/worldwide

3.1 Mobile Operating System Market Share – WORLDWIDE

Source: https://gs.statcounter.com/os-market-share/mobile/new-zealand/#monthly-201911-202011

3.2 Mobile Operating System Market Share – NEW ZEALAND

Source: https://www.ericsson.com/4adc87/assets/local/mobility-report/documents/2020/november-2020-ericsson-mobility-report.pdf

3.3 Subscription and Subscribers – WORLDWIDE

7.9b

8.8b

91%

Source: https://www.statista.com/statistics/653680/volume-of-detected-mobile-malware-packages/

3.4 Detected Malicious Installation Packages on Mobile Devices – WORLDWIDE

Source: https://securelist.com/it-threat-evolution-q1-2020-statistics/96959/

3.5 Map of infection attempts by mobile malware – WORLDWIDE

4. Technical Details

4.1 Huawei E8372 USB 4G LTE Wi-Fi Modem Router and Skinny 4G Mobile Broadband SIM card

4.2 Extension USB cable, tweezers and mobile device screwdriver

5. Demonstration

5.1 Device is network locked to Telstra Australia

5.2 Disassemble the device from its casing

5.3 Disassemble complete

5.4 Boot pins are exposed

5.5 Unlocking bootloader via USB connection using boot shot technique

5.6 Access to bootloader port is now possible

5.7 Applying patched bootloader, bypassing bootloader security and unlocking it

5.8 Flashing custom ROMs/firmware is now possible with interface ports open

5.9 Flashing custom ROM/firmware to network unlock and root the device

5.10 Custom ROM/firmware erased all sensitive device information

5.11 Issuing AT (attention) commands to modify device’s sensitive information

5.12 Using PuTTY as client to a backdoor of the device, connecting via Telnet

5.13 Rooting is successful

5.14 Network unlocking is successful

5.14 Successful speed evaluation done via speedtest.net

6. Threats

Attacks

• Man in the Middle

• Rogue DHCP

• Evil Twin

• Botnet

• Denial of service

Vulnerabilities

• Backdoor

• Remote Access Tool

• Malware

• Privacy

• Impersonation

7. Impact

8. Discussion

Reality

• Most brands and devices have some vulnerability

Advantage

• Some manufacturers and network providers are locking bootloaders

Disadvantage

• Some unhappy customers

• Telnet vulnerabilities

Opportunity

• Politicized USA and Huawei trade-war

• Innovation of Harmony OS by Huawei

Comparison work of other researchers

• Firmware acquisition and bypassing authentication

• Generate network unlock code using IMEI

9. Conclusion

10. Recommendation

Check & Don’t use custom firmware

Don’t root mobile devices

Don’t install unknown apps

Use VPN or encryption for sensitive data transmission

Use anti-virus

Use strong password

Update latest official firmware for mobile devices

11. Questions and Answers
