AT&T 3G MicroCell security flaw allows users to gain wide open root access

As the title implies, a recent security flaw in AT&T’s 3G MicroCell units has been discovered. However, most AT&T customers shouldn’t be concerned. A MicroCell is a femtocell, a device that’s designed to create a small area of 3G coverage using your wired internet connection, which means you’d only need it if your home or office area doesn’t get great signal. It appears Cisco (who manufactures and makes the device) has done a subpar job in securing the piece of equipment, given fail0verflow’s claims. Hacker group fail0verflow is widely known for their debut of the PlayStation 3’s private key, allowing unaccountable programs to be run.

As for the exploit, it appears users can connect to the WAN port and execute Linux commands with root access without any sort of authentication required. If you use the MicroCell behind a firewalled router, it wouldn’t be a big as an issue as you’d think, mainly because malicious hackers won’t have an easy way to connect to the MicroCell remotely.  If you use the device directly connected to your modem, it might be something you’d want to keep in the back of your mind. The hacker group hasn’t yet unveiled what they’re able to do with the ability to gain root access, but AT&T and Cisco should definitely be looking to get it fixed as quickly as possible.


Leave a comment