We help IT Professionals succeed at work.

4G WWAN Dongle security question

Dear Ladies and Gentlemen

we need to find whether D-Link DWM-222 Dongles have any security vulnerability (with latest firmware update).
Do you know any? If not where should I start?

Thanks
Comment
Watch Question

Distinguished Expert 2019

Commented:
You could check sources like the CVE database.
*** Hopeleonie ***IT Manager

Author

Commented:
Do you mean CVE Details?
https://www.cvedetails.com/
Distinguished Expert 2019
Commented:
Yes. I also did some searching around on Google, and haven't found anything from a vulnerability standpoint. Maybe if you know some security researchers, that might be another path if you wanted to take it that far.
You need to assume that the ip will be remotely accessible since that is the normal operation.

You need to assume the in flight data to be sniffable at many random places. That can only be alleviated by end to end encryption.

so unless i am missing something, the only issue is wether some usb magic can be remoyely triggered using the dongle. My recommendation is make sure the dongle is plugged into a dedicated computer acting as a router and that computer is treated as yet another internet access on your firewall.

Once this is cleared up, your only concern is whether a remote attacker be able to break the machine or connection. Which id where CVEs start to matter.
Exec Consultant
Distinguished Expert 2019
Commented:
In fact it has been taken apart. Interesting findings
- it was easy to unpack the firmware and poke around it. No encryption/ signatures/etc. was in place.
It is, as suspected, Linux.

https://osmocom.org/projects/quectel-modems/wiki/D-Link_DWM-222_stick/10

Since it is running linux as underlying firmware then maybe vulnerability revolving it may be a place to explore and search further.
*** Hopeleonie ***IT Manager

Author

Commented:
Thanks a lot Experts :)