fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Huawei USB LTE Dongles Are Vulnerable to Privilege Escalation Attacks

Huawei USB LTE Dongles Are Vulnerable to Privilege Escalation Attacks

This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei’s USB LTE dongles.

A USB dongle is a piece of hardware that can be plugged into laptop and desktop computers, much like a thumb drive, to access the internet.

But, while quickly analyzing Huawei’s LTE device drivers, Trustwave researcher discovered a case of improper permissions.

Huawei LTE driver autoruns with maximum permissions

Martin Rakhmanov, Security Research Manager at Trustwave has disclosed his findings on a privilege escalation flaw in Huawei’s USB LTE dongle model E3372.

While browsing through the driver files installed by the dongle on his Mac OSX machine, the researcher came across the following file which would auto-run every time the USB dongle was plugged in:/Library/StartupItems/MobileBrServ/mbbserviceopen.app/Contents/MacOS/mbbserviceopen

On plugging in the USB device, this file would open up a web browser with Huawei’s device management interface.

On a closer look, however, Rakhmanov noticed this “mbbserviceopen” file ran with full permissions (777):

huawei vulnerability
The mbbserviceopen file had full read/write/execute permissions for all users (Trustwave)

And this is problematic.

Also Read: The 5 Phases of Penetration Testing You Should Know

“All a malicious user needs to do is to replace the file with its own code and wait for a legitimate user to start using the cellular data service via Huawei device,” says Rakhmanov.

Privilege escalation attacks rely on a user with limited access to a system being able to obtain a higher level of access, in an illicit manner—such as through a vulnerability exploit, or improper permissions on shared files.

Because this particular vulnerability relies on tampering with the Huawei driver software installed on a computer, local or physical access to the computer is required, making this a case of local privilege escalation.

BleepingComputer reached out to Trustwave to get some insights on the vulnerability:

“The essence of this vulnerability is that one user, even an unprivileged one, can run code as another user on a multiuser system when the dongle is inserted,” Ziv Mador, VP Security Research at Trustwave SpiderLabs told BleepingComputer in an email interview.

Mador further explained that if a laptop using Huawei’s USB device is being used by different employees—for example, one on the day shift, and another on the night shift, the night shift employee can effectively replace the legitimate mbbserviceopen file easily with malware, such as a password stealer.

“With this vulnerability, the night shift manager can write a simple script that will first run a password stealer and then run the original Huawei executable that was used initially.”

“Then each time the manager plugs in the dongle, the password stealer will start, and then internet connectivity will be established.”

“Since the password stealer is invisible, the manager will believe they are having the same user experience – just like any other day – while in practice, the password stealer will be used to steal passwords,” Mador further explained to BleepingComputer.

In other cases, Mador states malware can exploit this vulnerability to cross user boundaries.

Trustwave has issued a security advisory and a blog post detailing the vulnerability.

Huawei issues remediation instructions

BleepingComputer also observed the driver available from Huawei’s website, did not have this flaw as of today:

huawei vulnerability fixed
“Hilink” drivers obtained from Huawei’s website setup the “mbbserviceopen” file with appropriate permissions
Source: BleepingComputer

Huawei confirmed to BleepingComputer that they had accepted this as a vulnerability and issued an advisory with the remediation instructions.

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Huawei has advised users of its USB LTE dongle (E3372) to obtain the “Hi Link” driver files from their website to resolve this vulnerability.

“Customer security is Huawei’s top priority and like all responsible businesses if vulnerabilities are discovered we encourage people to report them to our Product Security Incident Response Team – [email protected],” a Huawei spokesperson told BleepingComputer.

Update: Corrected attribution for one of the quotes.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us