Computer Emergency Response Team of Mauritius (CERT-MU)

Internal modem can be exploited by malware to gain persistence

At a hacking conference, two security experts demonstrated how internal LTE/3G modems can be hacked to help malware survive OS reinstalls. Many users are unaware that the LTE/3G modems built into new business laptops and tablets have a dedicated processor and operating system that threat actors could exploit to maintain persistent access to a compromised device. The security researchers, from Intel's security group, demonstrated how malware that infects a machine could rewrite the firmware of a popular Huawei LTE modem. The experts explained that the Huawei LTE modem runs a Linux-based OS, a modification of the Android OS, and is connected to the host system through an internal USB interface. Because the interface is internal USB, attackers could use the module to emulate a number of devices connected to the primary OS, including a keyboard, mouse, CD-ROM drive, network card, or other USB device. The researchers were able to rewrite the firmware because the update process is weak: the updates are protected neither by a digital signature nor by encryption. The two researchers developed their malicious firmware and served it through the Windows update utility provided by the vendor.
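
One way a defender could watch for the device emulation described above is to compare the USB interface classes exposed on the internal modem's port against a known-good baseline. This is an added example, not code from the researchers, the vendor or CERT-MU; the snapshot line format, port names and vendor/product IDs are constructed for illustration.

```python
# Added example: the snapshot format ("port vid:pid class_hex"), port names
# and IDs are constructed for illustration, not output of any real tool.

# USB-IF base class codes.
USB_CLASSES = {0x02: "communications", 0x03: "HID (keyboard/mouse)",
               0x08: "mass storage (CD-ROM/disk)", 0x0A: "CDC data",
               0xFF: "vendor specific"}
# Classes that can inject input or present removable media to the host.
HIGH_RISK = {0x03, 0x08}

BASELINE = """
1-3 bbbb:0002 03   # external keyboard
1-6 aaaa:0001 ff   # internal modem: vendor-specific + network functions
1-6 aaaa:0001 02
1-6 aaaa:0001 0a
"""
CURRENT = BASELINE + """
1-6 aaaa:0001 03   # modem now also enumerates as a keyboard
1-6 aaaa:0001 08   # ...and as a storage device
"""


def parse_snapshot(text):
    """Return {(port, 'vid:pid'): set of interface class codes}."""
    devices = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        port, ids, cls = line.split()
        devices.setdefault((port, ids.lower()), set()).add(int(cls, 16))
    return devices


def new_functions(baseline, current):
    """List (port, ids, class_code, severity) for classes not in the baseline.
    A changed vid:pid on the same port has no baseline entry, so every class
    it exposes is reported."""
    findings = []
    for (port, ids), classes in sorted(current.items()):
        for cls in sorted(classes - baseline.get((port, ids), set())):
            severity = "high" if cls in HIGH_RISK else "review"
            findings.append((port, ids, cls, severity))
    return findings


if __name__ == "__main__":
    for port, ids, cls, sev in new_functions(parse_snapshot(BASELINE),
                                             parse_snapshot(CURRENT)):
        print(f"[{sev}] port {port} ({ids}) new function: "
              f"{USB_CLASSES.get(cls, hex(cls))}")
```

A real deployment would fill the snapshots from the operating system's USB device inventory and record the baseline while the device is in a known-good state.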
Security Affairs
Team Cymru
The information provided herein is on "as is" basis, without warranty of any kind.