Black Hat: Securing Cellular Gateways

Wednesday, August 22, 2018 @ 03:08 PM gHale

By Gregory Hale

Cellular usage is continuing its rapid growth, but security is the one area that truly needs a hard look because there are aspects that remain open to attack.

“We are giving away information for nation state actors to do very bad things,” said Justin Shattuck, principal threat researcher for F5 Networks Labs, during a session entitled “Snooping on Cellular Gateways and Their Critical Role in ICS” at Black Hat USA 2018 in Las Vegas. “We have yet to find an industry this does not affect.”

In short, cellular gateways are leaking information that could be exposing critical infrastructure to risk, Shattuck said. The flaws could potentially enable an attacker to identify locations of infrastructure, track individuals, and even manipulate or corrupt communications.

The cellular problem has been around since at least 2012. As of July 25 this year, 13,552 disclosures had been sent out, and there have been two responses and one dialogue, he said.

One of the disclosures went out to Sierra Wireless, the manufacturer of most of the discovered gateways. That was also the one company Shattuck talked to, and it has since patched its issues. Another issue is whether end users have applied the patch.

Location information leaks from misconfigured cellular gateways that are used to connect equipment in a vehicle to the Internet via a cellphone network, or to provide Wi-Fi that routes connections via a cellular connection.

Gateways from Sierra Wireless, Cradlepoint, Moxa, and Digi have been found on the Internet poorly secured by their owners, Shattuck said. They display the unit’s physical location in a device status box on the administrator login page, and on Sierra kit they possibly still use the default username and password of user/12345.

In terms of what he learned doing scans, there were 49,692 hosts on October 24, 2016; 58,670 hosts on September 9, 2017; and 105,400 hosts on July 29, 2018.

Part of what users have to do is:
• Change passwords
• Upgrade firmware
• Configure management interface
• Reach out to security at Sierrawireless.com

“We have got to fix it,” Shattuck said. “This is not Hollywood fiction anymore.”


