Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss

DEF CON 27

Presented by: g richter
Date: Saturday August 10, 2019
Time: 15:00 - 15:45
Location: Track 2

“5G is coming” (apparently). That probably means, over the next few years, more and more people are going to be using more and more cellular-connected devices for their day-to-day TCP/IP activities.

The problem is, a lot of existing 4G modems and routers are pretty insecure. We found critical remotely-exploitable flaws in a selection of devices from a variety of vendors, without having to do too much work. Plus, there’s only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places. Their old 4G, 3G and even 2G-era code is going to be running in these 5G-capable devices.

With a small sample of consumer 4G routers as examples, we’re going to talk about how malleable, frustrating, and insecure these devices are. We’ll run through a few examples of existing 4G routers, from low-end bargain-basement end-of-life-never-to-be-fixed to higher-end devices. Root is a means to an end, rather than the goal.

g richter

g richter is the single-use pseudonym of a security researcher with a particular interest in embedded devices and cellular. He has done this kind of thing for money and fun for quite a while now, but before that, he also did other things that didn’t involve as many computers. At the moment he's doing this for money at Pen Test Partners.

