Bootkit via SMS: 4G Access Level Security Assessment

Telecom operators constantly advertise the fastest, the cheapest and the best. Before diving into the internet with these new gadgets we decided to test how these ads correspond to reality… To our reality.

Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. We tested SIM-cards, 4G USB modems, radio components, IP access networks and more looking for vulnerabilities that could be exploited remotely, via IP or radio network.

In some cases we managed to attack SIM-cards, “clone” phone and intercept traffic without boring rainbow tables, we were able to remotely update USB modem firmware and even gained  access to the internal backbone network of the carrier.

Further evolutions to our attack helped us to achieve exploitation via SMS – delivered remotely enabling us to not only to compromise a USB modem and all the communications that go through it, but also to install a bootkit on the machine that the modem is connected to.

Location: Track 1 Date: May 28, 2015 Time: 11:45 am - 12:45 pm Timur Yunusov Kirill Nesterov Download Presentation Materials