Reverse Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss
g richter at DEF CON 27
“5G is coming” (apparently). That probably means, over the next few years, more and more people are going to be using more and more cellular-connected devices for their day-to-day TCP/IP activities.
The problem is, a lot of existing 4G modems and routers are pretty insecure. We found critical remotely-exploitable flaws in a selection of devices from variety of vendors, without having to do too much work. Plus, there’s only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places. Their old 4G, 3G and even 2G-era code is going to be running in these 5G-capable devices.
With a small sample of consumer 4G routers as examples, we’re going to talk about how malleable, frustrating, and insecure these devices are. We’ll run through a few examples of existing 4G routers, from low-end bargain-basement end-of-life-never-to-be-fixed to higher-end devices. root is a means to an end, rather than the goal.
g richter
g richter is the single-use pseudonym of a security researcher with a particular interest in embedded devices and cellular. He has done this kind of thing for money and fun for quite a while now, but before that, he also did other things that didn’t involved as many computers. At the moment he's doing this for money at Pen Test Partners.
The problem is, a lot of existing 4G modems and routers are pretty insecure. We found critical remotely-exploitable flaws in a selection of devices from variety of vendors, without having to do too much work. Plus, there’s only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places. Their old 4G, 3G and even 2G-era code is going to be running in these 5G-capable devices.
With a small sample of consumer 4G routers as examples, we’re going to talk about how malleable, frustrating, and insecure these devices are. We’ll run through a few examples of existing 4G routers, from low-end bargain-basement end-of-life-never-to-be-fixed to higher-end devices. root is a means to an end, rather than the goal.
g richter
g richter is the single-use pseudonym of a security researcher with a particular interest in embedded devices and cellular. He has done this kind of thing for money and fun for quite a while now, but before that, he also did other things that didn’t involved as many computers. At the moment he's doing this for money at Pen Test Partners.