Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS).
When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise. As one of the main communication channels for the end device, the modem not only has access to the information flow between the device and the outside world, but also may have almost unlimited access to the most critical systems and resources of the end device. Thus, modem security is a significant matter.
To make the problem worse, when a critical vulnerability is discovered in just one modem model and version, significant time may be required to update all the devices in which it is installed. And some of them may even not have a remote modem updating feature at all, such as a car’s Telematic Control Unit (TCU). In such cases, installing the update typically requires additional effort and expense for the manufacturer of the end product to manually address each vulnerable device or vehicle.
For this reason, a particular modem manufactured by Telit Cinterion caught our interest. We decided to perform the security analysis of the modem in course of a bigger project of analyzing security of a popular model of a truck. When we began our assessment, the only known registered vulnerability was CVE-2020-15858, which is described in greater detail elsewhere.
The study focused on the EHS5-E series modem, originally manufactured by ..
Support the originator by clicking the read the rest link below.
