DEFCON 33: Hacking Hotspots: Pre-Auth RCE, Arbitrary SMS and Adjacent Attacks on 5G & 4G/LTE Routers скачать в хорошем качестве

DEFCON 33: Hacking Hotspots: Pre-Auth RCE, Arbitrary SMS and Adjacent Attacks on 5G & 4G/LTE Routers

https://github.com/actuator/DEFCON-33 This research examines security oversights in a range of modern 5G & LTE routers used in businesses, industrial IoT, and everyday mobile deployments. Several of these routers contain vulnerabilities reminiscent of older security flaws, such as weak default credentials, inadequate authentication checks, and command injection pathways. By reverse-engineering firmware and testing for insecure endpoints, it was possible to demonstrate remote code execution, arbitrary SMS sending, and other serious exploits affecting Tuoshi and KuWFi devices. Through practical examples, including Burp Suite requests and Ghidra disassembly, the talk highlights how these weaknesses can grant attackers root access, allow fraudulent activity, or compromise entire networks. In each case, mitigation strategies and best practices—like robust authentication, regular firmware updates, and network segmentation—are emphasized. Ultimately, this presentation underscores the importance of continuous security scrutiny, even for modern hardware, and encourages the community to stay vigilant and collaborate in uncovering and addressing such pervasive vulnerabilities. https://defcon.org/html/defcon-33/dc-... https://github.com/actuator/cve/tree/... https://github.com/actuator/cve/tree/... #rce #defcon #hack #hacker #iot #reverseengineering #5g #4g #hotspot #router #cybersecurity #cybercrime #Tuoshi #Kuwfi #sms #technology #events