Presentation information

From match fixing to data exfiltration – a story of Messaging as a Service (MaaS)

Robert Neumann (Independent researcher) & Gergely Eberhardt (Search-Lab)
live only
UTC on Day 3
FRIDAY 02 OCTOBER
When someone first approached us with the question of whether we had heard of malware sending out unsolicited SMS messages, we almost immediately replied positively – there are plenty such malicious applications on Android. The next question caught us rather by surprise: have you seen such malware on a 4G/LTE capable broadband router?

We were presented with an issue where a specific SOHO router (from a top 5 vendor) was sending messages to another country – messages which, at a quick glance, resembled match fixing. Our initial investigation quickly revealed an unpatched vulnerability in the device's firmware which made anonymous SMS sending possible, without the need for any further authentication on the device. Further monitoring of the problem slowly made us reconsider our first take on it, as a Messaging-as-a-Service (MaaS) like service started to take shape in the background.

In this talk we will explain how certain 4G/LTE capable routers could be exploited to anonymously send out thousands of short text messages for various purposes, ranging from match fixing through generating revenue with premium rate numbers to data exfiltration. We will talk about the vulnerability used, how could it survive for an extended period of time, what different types of damage it caused, and the motivation of the adversaries behind it.
Robert Neumann
Independent researcher Robert Neumann focuses on various short- and long-term research projects, ranging from small-scale malicious campaigns through niche malware and file formats to in-depth investigations and threat actor attribution. Robert is a long-time security researcher, working in IT - and especially in IT security - for most of his career. His previous experiences at companies such as VirusBuster, Sophos and Citi enabled him to understand and respond to cybersecurity challenges on different levels.
Gergely Eberhardt
Search-Lab Gergely Eberhardt is a former software developer currently working as an IT security expert for Search-Lab. He mainly focuses on embedded device testing, software hardening, secure coding and vulnerability research. His background in developing software enables him to look at security issues from multiple viewpoints at the same time.
arrow left Back

From match fixing to data exfiltration – a story of Messaging as a Service (MaaS)

Robert Neumann (Independent researcher) & Gergely Eberhardt (Search-Lab)
When someone first approached us with the question of whether we had heard of malware sending out unsolicited SMS messages, we almost immediately replied positively – there are plenty such malicious applications on Android. The next question caught us rather by surprise: have you seen such malware on a 4G/LTE capable broadband router?

We were presented with an issue where a specific SOHO router (from a top 5 vendor) was sending messages to another country – messages which, at a quick glance, resembled match fixing. Our initial investigation quickly revealed an unpatched vulnerability in the device's firmware which made anonymous SMS sending possible, without the need for any further authentication on the device. Further monitoring of the problem slowly made us reconsider our first take on it, as a Messaging-as-a-Service (MaaS) like service started to take shape in the background.

In this talk we will explain how certain 4G/LTE capable routers could be exploited to anonymously send out thousands of short text messages for various purposes, ranging from match fixing through generating revenue with premium rate numbers to data exfiltration. We will talk about the vulnerability used, how could it survive for an extended period of time, what different types of damage it caused, and the motivation of the adversaries behind it.
Robert Neumann
Independent researcher Robert Neumann focuses on various short- and long-term research projects, ranging from small-scale malicious campaigns through niche malware and file formats to in-depth investigations and threat actor attribution. Robert is a long-time security researcher, working in IT - and especially in IT security - for most of his career. His previous experiences at companies such as VirusBuster, Sophos and Citi enabled him to understand and respond to cybersecurity challenges on different levels.
Gergely Eberhardt
Search-Lab Gergely Eberhardt is a former software developer currently working as an IT security expert for Search-Lab. He mainly focuses on embedded device testing, software hardening, secure coding and vulnerability research. His background in developing software enables him to look at security issues from multiple viewpoints at the same time.