- Brits Lose £106m to Romance Fraud in a Year
- Why the Google Pixel Tablet is still my smart home display after a year (and it's on sale)
- Finally, a 16-inch Windows laptop I wouldn't mind putting my MacBook Pro away for
- Got a new password manager? Don't leave your old logins exposed in the cloud - do this next
- This midrange OnePlus phone undercuts the Galaxy S25 and delivers a flagship experience
Critical Vulnerabilities in Cinterion Modems Exposed
Critical vulnerabilities have been found within Cinterion cellular modems. Disclosed during a Kaspersky presentation at OffensiveCon in Berlin on May 11, these flaws could allow remote attackers to execute arbitrary code, posing a significant threat to the integrity of millions of industrial devices reliant on these modems.
The identified vulnerabilities, including CVE-2023-47610, highlight severe security weaknesses within the modem’s SUPL message handlers. Exploiting this flaw via SMS could grant attackers unauthorized access to the modem’s operating system, enabling them to manipulate RAM and flash memory without needing authentication or physical device access.
Moreover, investigations uncovered flaws in the handling of MIDlets, Java-based applications running on the modems. By bypassing digital signature checks, attackers could execute unauthorized code with elevated privileges, posing risks to data confidentiality and broader network security.
Evgeny Goncharov, head of Kaspersky ICS CERT, emphasized the potential for widespread disruption across various sectors due to the extensive deployment of these modems.
“These disturbances range from economic and operational impacts to safety issues. Since the modems are typically integrated in a matryoshka-style within other solutions, with products from one vendor stacked atop those from another, compiling a list of affected end products is challenging,” he said.
“Affected vendors must undertake extensive efforts to manage risks, with mitigation often feasible only on the telecom operators’ side.”
To defend against this threat, Kaspersky recommended disabling nonessential SMS messaging capabilities and enforcing rigorous digital signature verification for MIDlets. They also urged stakeholders to control physical access to devices and conduct regular security audits and updates.
The vulnerabilities have been shared with the manufacturer, but the intricate supply chain involving Gemalto (now under Thales), and subsequently Telit, complicates mitigation efforts.
