Exploiting The Vulnerabilities of LTE Wi-Fi Sharing Devices
Presented by: Andrew David
UNITEC Research Symposium 2020 Programme, Day 2
07th December 2020, Session 2 – 1.10pm to 2.30pm
Overview
1. Introduction
2. Our Focus
3. Analysis
4. Technical Details
5. Demonstration
6. Threats
7. Impact
8. Discussion
9. Conclusion
10. Recommendations
11. Questions and Answers
1. Introduction
2. Our Focus
USB 4G LTE modem router instead of smartphones
Careless usage approach towards other devices
Provide more insight into the vulnerabilities of Huawei E8372
Physical attack and exploitation of Huawei E8372
Backdoor and rooting of Huawei E8372
3. Analysis
3.1 Mobile Operating System Market Share – WORLDWIDE
Source: https://gs.statcounter.com/os-market-share/mobile/worldwide
3.2 Mobile Operating System Market Share – NEW ZEALAND
Source: https://gs.statcounter.com/os-market-share/mobile/new-zealand/#monthly-201911-202011
3.3 Subscription and Subscribers – WORLDWIDE
Source: https://www.ericsson.com/4adc87/assets/local/mobility-report/documents/2020/november-2020-ericsson-mobility-report.pdf
7.9b, 8.8b, 91%
3.4 Detected Malicious Installation Packages on Mobile Devices – WORLDWIDE
Source: https://www.statista.com/statistics/653680/volume-of-detected-mobile-malware-packages/
3.5 Map of infection attempts by mobile malware – WORLDWIDE
Source: https://securelist.com/it-threat-evolution-q1-2020-statistics/96959/
4. Technical Details
4.1 Huawei E8372 USB 4G LTE Wi-Fi Modem Router and Skinny 4G Mobile Broadband SIM card
4.2 Extension USB cable, tweezer and mobile device screwdriver
5. Demonstration
5.1 Device is network locked to Telstra Australia
5.2 Disassemble the device from its casing
5.3 Disassemble complete
5.4 Boot pins are exposed
5.5 Unlocking bootloader via USB connection using boot shot technique
5.6 Access to bootloader port is now possible
5.7 Applying patched bootloader, bypassing bootloader security and unlocking it
5.8 Flashing custom ROMs/firmware is now possible with interface ports open
5.9 Flashing custom ROM/firmware to network unlock and root the device
5.10 Custom ROM/firmware erased all sensitive device information
5.11 Issuing AT (attention) commands to modify device’s sensitive information
5.12 Using PuTTY as client to a backdoor of the device, connecting via Telnet
5.13 Rooting is successful
5.14 Network unlocking is successful
5.14 Successful speed evaluation done via speedtest.net
6. Threats
Attacks
• Man in The Middle
• Rogue DHCP
• Evil Twin
• Botnet
• Denial of service
Vulnerabilities
• Backdoor
• Remote Access Tool
• Malware
• Privacy
• Impersonation
7. Impact
8. Discussion
Reality
• Most brands and devices have some vulnerability
Advantage
• Some manufacturers and network providers are locking bootloaders
Disadvantage
• Some unhappy customers
• Telnet vulnerabilities
Opportunity
• Politicized USA and Huawei trade-war
• Innovation of Harmony OS by Huawei
Comparison work of other researchers
• Firmware acquisition and bypassing authentication
• Generate network unlock code using IMEI
9. Conclusion
10. Recommendation
Check &
Don’t use custom firmware
Don’t root mobile devices
Don’t install unknown apps
Use VPN or encryption for sensitive data transmission
Use anti-virus
Use strong password
Update latest official firmware for mobile devices
11. Questions and Answers