IoT routers driving SMS phishing

"Researchers at Sekoia.io have found that cybercriminals are exploiting Milesight cellular routers on a large scale to spread phishing messages via SMS. This is known as smishing. These devices are typically used in industrial environments, for example, to connect traffic lights, energy meters, and other IoT systems via 3G, 4G, or 5G. The routers are equipped with SIM cards and can be controlled via SMS, Python scripts, and web interfaces."
"A major weakness is CVE-2023-43261. This is a configuration error that made log files publicly accessible. These contained encrypted passwords, along with the keys and initialization vectors to decrypt them. This allowed attackers to gain full access to the routers. However, not every incident can be traced back to this vulnerability. Some compromised devices were running firmware that was not vulnerable to this, and in other cases, the authentication cookies found did not match the known decryption method."
Cybercriminals are exploiting Milesight cellular routers to distribute phishing messages via SMS (smishing), in campaigns that have run since 2022 and mainly target European countries. The devices are used in industrial IoT to connect traffic lights, energy meters, and other systems over 3G/4G/5G; they carry SIM cards and can be controlled via SMS, Python scripts, and web interfaces. More than 18,000 of these routers are accessible from the internet, hundreds lack security, and many run outdated, vulnerable firmware. A major weakness, CVE-2023-43261, exposed log files containing encrypted passwords along with the keys and initialization vectors needed to decrypt them, enabling full takeover. Not every compromise traces back to that flaw: additional, unknown attack techniques are also in use, as are phishing pages with anti-analysis measures.
Read at Techzine Global