4G WWAN Dongle security question

*** Hopeleonie ***
*** Hopeleonie *** used Ask the Experts™
on
Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
You could check sources like the CVE database.
*** Hopeleonie ***IT Manager

Author

Commented:
Do you mean CVE Details?
https://www.cvedetails.com/
Distinguished Expert 2018
Commented:
Yes. I also did some searching around on Google, and haven't found anything from a vulnerability standpoint. Maybe if you know some security researchers, that might be another path if you wanted to take it that far.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

You need to assume that the ip will be remotely accessible since that is the normal operation.

You need to assume the in flight data to be sniffable at many random places. That can only be alleviated by end to end encryption.

so unless i am missing something, the only issue is wether some usb magic can be remoyely triggered using the dongle. My recommendation is make sure the dongle is plugged into a dedicated computer acting as a router and that computer is treated as yet another internet access on your firewall.

Once this is cleared up, your only concern is whether a remote attacker be able to break the machine or connection. Which id where CVEs start to matter.
Exec Consultant
Distinguished Expert 2018
Commented:
In fact it has been taken apart. Interesting findings
- it was easy to unpack the firmware and poke around it. No encryption/ signatures/etc. was in place.
It is, as suspected, Linux.

https://osmocom.org/projects/quectel-modems/wiki/D-Link_DWM-222_stick/10

Since it is running linux as underlying firmware then maybe vulnerability revolving it may be a place to explore and search further.
*** Hopeleonie ***IT Manager

Author

Commented:
Thanks a lot Experts :)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial