Millions of Internet of Things (IoT) devices present across the industrial, healthcare, automotive, financial, and telecommunication sectors are at significant risk due to several vulnerabilities in a widely-used cellular modem technology. These Cinterion Modem Vulnerabilities, found in modems manufactured by Telit Cinterion, pose severe threats to device integrity and network security.
Telit Cinterion, is an Internet of Things (IoT) technology provider company headquartered in Irvine, California, United States. It provides various edge-to-cloud IoT services such as connectivity plans, IoT SIMs, IoT embedded software and PaaS IoT deployment managed services.
The newly discovered vulnerabilities pose significant risks to communication networks and IoT devices, potentially leading to extensive global disruption.
Several Cinterion Modem Vulnerabilities Discovered
The findings by Kaspersky researchers were first presented at the OffensiveCon international security conference held recently in Berlin. The findings disclosed the identification of several critical vulnerabilities in Cinterion modems integrated into a wide range of IoT devices.
These vulnerabilities include remote code execution (RCE) and unauthorized privilege escalation flaws that exist in user applications (MIDlets) and the OEM-bundled firmware integrated with the modems.
The most severe vulnerability, CVE-2023-47610, is a memory heap overflow that allows attackers to remotely execute arbitrary commands through specially crafted SMS messages on affected devices, without requiring further authentication or any physical access. This vulnerability can also unlock access to special AT commands, enabling attackers to read and write to the modem’s RAM and flash memory.
The researchers demonstrated its existence by developing their own SMS-based File System, which they installed on the modem by exploiting the identified vulnerability. This allowed the researchers to then remotely activate OTA (Over The Air Provisioning) to install arbitrary MIDlets, that were protected from removal by standard mechanisms, and required a full reflash of the firmware for removal.
In addition to the RCE vulnerability, researchers also identified several security issues in user applications called MIDlets and the OEM-bundled firmware of the modems. These vulnerabilities, assigned CVE-2023-47611 through CVE-2023-47616, could potentially allow attackers with physical access to the modem to compromise the confidentiality and integrity of user MIDlets, execute unauthorized code, extract and substitute digital signatures, and elevate execution privileges of user MIDlets to the manufacturer level.
The researchers reported these vulnerabilities to Telit Cinterion last November and while the company has issued patches for some of the flaws, not all of them have been addressed, leaving millions of devices still at risk.
The modems are embedded in various IoT products, including industrial equipment, smart meters, telematics systems, and medical devices, making it challenging to compile a comprehensive list of affected products.
To mitigate potential threats, organizations are advised to disable non-essential SMS messaging capabilities, employ private Access Point Names (APNs), control physical access to devices, and conduct regular security audits and updates.
Rising Concerns Over IoT Security
The discovery of these vulnerabilities highlights a growing concern over the security of IoT environments, especially in industrial control and operational technology settings. An analysis of 2023 threat data by Nozomi Networks noted a significant increase in attacks targeting IoT and OT networks, driven by a rise in IoT vulnerabilities.
Previous incidents, such as the 9 vulnerabilities found in industrial routers by Robustel R1510, indicate that routers remain a common point of weakness in networks with vulnerabilities such as remote code execution or DDoS flaws that may then be used to potentially spread attacks across connected devices.
In conclusion, these vulnerabilities in Cinterion modems necessitate urgent action from both device manufacturers and telecom operators to mitigate risks and protect essential infrastructure. The researchers behind the findings plan to publish a white paper on modem security internals within May 2024, following findings from this study.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
