Some security researchers highlighted the insecure software running in most 3G and 4G modems. What are the practical implications for an attack on such a mobile modem for organizations, and are there any best practices for ensuring mobile hotspot security?
Mobile hotspots -- both 3G and 4G, also popularly known as Mi-Fi modems -- have steadily gained in popularity recently as they offer non-cellular-connected devices access to cellular data networks via Wi-Fi or USB connections. Due to their increasing popularity, it was only a matter of time before researchers began to poke holes in the security posture of such devices.
Recently, Russian researchers began examining the software within 3G and 4G modems manufactured by Chinese companies Huawei and ZTE. Some of what they found was startling, to say the least. Chief among the vulnerabilities was one pertaining to the software's file system. Simply put, malicious users could create an image of a modem's existing file system, modify files and then write the image back to the modem. As far as vulnerabilities go, this one is huge, especially when one considers that it works in conjunction with a backup-and-restore tool Huawei provides with the modem.
With regard to the practical implications of this type of vulnerability, the most casual of observers can tell you that once an attacker modifies an existing file system, he or she effectively owns the box. Delving further, if attackers can modify an existing file system on a 3G or 4G hotspot, they can manipulate the way the modem processes inbound and outbound packets. For example, if the file system is like most, then it maintains settings that allow administrators to manipulate access permissions. But if the file system has been modified, a malicious user can give himself administrative permissions, which will further permit him to manipulate firewall settings, routing tables, access control lists, etc.
So what to do? As always, for any kind of issue involving potentially malicious traffic on the enterprise network, I am a huge proponent of having a human being examine the network traffic logs daily -- if not more frequently. This person should be intimately familiar with what is considered normal versus abnormal behavior, and look for any instances of permissions being changed, access attempts from unusual IP addresses and other such anomalies.
Unfortunately, because these devices sit on a cellular data network as opposed to the more traditional landline-based IP network, placing them behind a specially configured firewall won't work. End users are basically at the mercy of the various 3G and 4G modem vendors to formulate mitigations that help ensure mobile hotspot security. However, enterprises should ensure that mobile endpoints using Mi-Fi hotspots are hardened in accordance with client security best practices, and that when they reconnect with the enterprise network, network access control (NAC) technology is used to inspect the security posture of the device before granting it trusted access.
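The daily log review recommended above can be pre-sorted by a script so the analyst starts from a short list of anomalies. The following is an added example, not part of the original article: the log format, the sample lines and the expected network range 10.20.0.0/16 are all constructed assumptions. It flags access from outside the expected networks and every permission change, and escalates a permission change made by an account already seen from an unusual address.

```python
import ipaddress
import re

# Constructed sample in a hypothetical "ts src=IP user=NAME event=TYPE detail=..." format.
SAMPLE_LOG = """\
2013-11-04T08:01:12 src=10.20.1.15 user=jsmith event=login_ok detail=vpn
2013-11-04T08:14:40 src=10.20.1.15 user=jsmith event=file_read detail=/share/reports
2013-11-04T09:02:03 src=198.51.100.23 user=jsmith event=login_fail detail=vpn
2013-11-04T09:02:09 src=198.51.100.23 user=jsmith event=login_ok detail=vpn
2013-11-04T09:05:51 src=198.51.100.23 user=jsmith event=perm_change detail=jsmith->admin
2013-11-04T10:30:00 src=10.20.2.7 user=itadmin event=perm_change detail=newhire->staff
"""

# Assumption: networks from which access is considered normal for this organization.
EXPECTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) detail=(?P<detail>.*)$"
)

def triage(log_text, expected_nets=EXPECTED_NETS):
    """Return (line_number, finding, raw_line) tuples for an analyst to review."""
    findings = []
    seen_from_unusual = set()  # accounts already observed from an unexpected address
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((lineno, "unparsed", line))  # never silently drop a line
            continue
        try:
            addr = ipaddress.ip_address(m["src"])
        except ValueError:
            findings.append((lineno, "bad_source_ip", line))
            continue
        if not any(addr in net for net in expected_nets):
            seen_from_unusual.add(m["user"])
            findings.append((lineno, "unusual_source", line))
        if m["event"] == "perm_change":
            escalated = m["user"] in seen_from_unusual
            kind = "perm_change_after_unusual_source" if escalated else "perm_change"
            findings.append((lineno, kind, line))
    return findings

if __name__ == "__main__":
    for lineno, kind, line in triage(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {line}")
```

Routine permission changes still appear in the output (as `perm_change`) so a human confirms them; only the ordering of attention changes.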
This was first published in November 2013