All the 4G Modules Could Be Hacked

Conference: Defcon 27



The presentation discusses the security issues and vulnerabilities of 4G modules used in IoT devices and suggests ways to defend against attacks.
  • Many people are unaware of the security problems and impact of foreign models in IoT devices.
  • There are various security issues with 4G modules, and researchers need to talk about them more.
  • The internal structure of 4G modules is the same in various devices, and they can be controlled remotely.
  • There are many successful cases of attacks on 4G modules, and the presentation suggests ways to defend against them.
  • Developers need to learn how to use a firewall to solve 90% of the security problems.
The presentation mentions one successful attack in which a command injection vulnerability was found in passing SMS 80 command, and the attackers were able to hack it remotely by simply sending a text message.


Nowadays more and more 4G modules are built into IoT devices around the world, such as vending machines, car entertainment systems, laptops, advertising screens, urban cameras, etc. But no one has conducted comprehensive security research on the 4G modules. We carried out this initiative and tested all the major brand 4G modules on the market (more than 15 different types). The results show that all of them have similar vulnerabilities, including remote access with weak passwords, command injection of AT Command/listening services, OTA upgrade spoofing, command injection by SMS, and web vulnerabilities. Through these vulnerabilities we were able to get to the shell of these devices. In addition to using Wi-Fi to exploit these vulnerabilities, we created a new way to attack through a fake base station system, triggered by accessing the intranet of the cellular network, and successfully ran remote command execution without any prerequisites. In this talk, we will first give an overview of the hardware structure of these modules. Then we will present the specific methods we use in vulnerability probing. In the final section we will demonstrate how to use these vulnerabilities to attack car entertainment systems of various brands and get remote control of cars.