October 22, 2016

WiMAX / 4G Information Leak Discovered on HTC Phones

(LiveHacking.Com) – It was just under a month ago that Trevor Eckhart (AKA TrevE) discovered that HTC preinstalled an application known as HtcLoggers on its phones. This logging program collected all kinds of data and then acted as a server to any connection that opened the right port.

TrevE hasn’t been resting on his laurels and has now discovered that HTC preinstalls a WiMAX monitoring system on its 4G-enabled phones. An attacker who gains control over this can potentially manipulate data connectivity and even go as far as completely reprogramming a device’s CDMA parameters remotely.

The WiMAX monitoring system exposes two open ports (7773/7774) to the outside world with no authentication. The only thing required for a malicious app to do anything is the INTERNET permission, which most Android apps request as a matter of course.

It is also possible to send commands to the WiMAX chipset via these ports, but sending a single comma can crash the phone with an “out of bounds range exception.”
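To audit a device for this exposure, a defender can check its socket table for listeners on the two ports. The following is an added example, not TrevE's proof of concept or HTC code: it parses text in the Linux `/proc/net/tcp` layout and reports any listener on 7773/7774 with its bind address and owning UID. The sample table is constructed, the function names are hypothetical, and only the IPv4 table on a little-endian device is handled.

```python
import socket

WATCHED_PORTS = {7773, 7774}   # the two ports named in the article
TCP_LISTEN = "0A"              # state code for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real phone).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1E5D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4101
   1: 0100007F:1E5E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4102
   2: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4103
   3: 0F02000A:1E5D 0202000A:C350 01 00000000:00000000 00:00000000 00000000 10052        0 4104
"""


def decode_addr(field):
    """'0100007F:1E5E' -> ('127.0.0.1', 7774)."""
    ip_hex, port_hex = field.split(":")
    # Assumption: little-endian kernel, which prints the IPv4 address byte-reversed.
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def find_listeners(table, ports=WATCHED_PORTS):
    """Return listening sockets on the watched ports with bind address and owner UID."""
    findings = []
    for line in table.splitlines():
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue  # header, short line, or not a listener
        ip, port = decode_addr(cols[1])
        if port not in ports:
            continue
        findings.append({
            "port": port,
            "bind": ip,
            "uid": int(cols[7]),
            # A loopback bind is still reachable by any local app holding INTERNET.
            "off_device": not ip.startswith("127."),
        })
    return findings


if __name__ == "__main__":
    for f in find_listeners(SAMPLE):
        print(f)
```

On a real device the input would be the contents of `/proc/net/tcp` in place of `SAMPLE`.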

TrevE has posted a proof of concept app and a list of commands that can be sent to this monitoring system here.