USB modems a potential target soon, researcher warns

Mobile computer users who access the Internet using USB dongle modems may soon be the next target of malware makers or remote attackers, an Indian security researcher warned.

Researcher Rahul Sasi also warned of the risk from these USB modems as they do not have auto-update mechanisms to fortify their firmware.

"(A) highly skilled exploit writer could make all the devices out there vulnerable to (these) attacks," he said in a blog post.

Sasi pointed out the USB modem, which is bundled with dialer software to connect to a GSM/CDMA network, may allow attacks via an interface to send and receive SMS or text messages.

He said that while a normal web browser or network layer attack will need user interaction, an SMS-based exploit does not.

"(A)s soon as a victim gets online his service provider would forward the message to his Inbox," he said.

Phishing, DDOS attacks

Sasi said the USB modems may allow phishing-based attacks triggered via SMS.

This means phishing attacks "might come in the form of an SMS asking users to download a malware to their computer."

He also said a specially crafted SMS packet can cause the dialer app to crash and knock the user out of the Internet.

"These attacks would not be flagged by your firewalls, mainly because the SMS is received over a GSM/CDMA line that is connected directly to your computer. So there would be no alerting from any of your security devices on these attacks," he said.

Worse, the attacker can remain anonymous using an SMS-based exploit.

The only defense for now is on the part of Internet service providers' firewalls, which block the transmission of SMS-based payloads. — VC, GMA News