Authentication Bypass And OEM Backdoors In WiMAX Routers

By   ISBuzz Team
Writer , Information Security Buzz | Jun 15, 2017 06:15 am PST

News broke yesterday that WiMAX routers manufactured by several companies, including Huawei and ZyXEL, are vulnerable to an authentication bypass that could let an attacker change the password of the admin user, gain access to the device, or the network behind it.

Ben Herzberg, Security Research Group Manager at Imperva Incapsula

ben herzberg“The lack of basic security in a wide-spread number of devices connected to the internet has caused a lot of security issues over time. From large-scale Denial of Service attacks done from a horde of infected devices, launched against a wide array of targets (For example see: New Mirai Variant Launches 54-hour DDos Attack Against U.S. College, or New Variant of Mirai Embeds Itself in TalkTalk Home Routers ),  to usage for attempts to brute force accounts. This is without even mentioning the fact that the devices allows hackers to have an attack surface against the networks on which such devices are installed.

This can cause organisations and users several problems including, loss of privacy (By eavesdropping to traffic, accessing CCTV systems, etc), being used as part of malicious attacks (for example DDoS attacks), and gaining a foothold on a network, to further exploit it.

Hackers can exploit this quite easily, given the information released, as they can take over the administrative accounts in the devices and take control of the routers. From previous exploits (Like the TalkTalk routers, etc), we’ve seen that attackers are actually quite quick about it. And they should  be as that is how they make money (For example: by renting the hacked devices as DDoS-4-Hire botnets).

Unfortunately, it seems like no patch is planned for the Huawei devices. The only real solution is to upgrade (Configuring out the web access should also work, but for safe-measures, if I had such a vulnerable router, I’d replace it).”