Mickey Shkatov and Jesse Michael from Intel's security group demonstrated at the Def Con security conference in Las Vegas how the firmware of a popular Huawei LTE modem used in many laptops could be rewritten to infect the system with malware that survives a disk format.
The problem is that the modem's firmware lacks cryptographic signature verification. In itself this doesn't provide a vector for a malware attack, but once your system is infected by malware, this vulnerability gives malicious software a place to hide where it is extremely hard to detect.
The Intel researchers worked with Huawei on fixing the issue and the module now performs a secure boot, preventing the flashing of unauthorized firmware images.
The malicious firmware could be flashed by a malicious program that already runs on the computer, or by users themselves if an attacker tricks them into thinking that a new update is available.
If successful, the attack would provide a way to reinfect the main OS even if it is reinstalled. Moreover, the rogue firmware could be modified to ignore any subsequent firmware update requests, leaving the user with no option to recover from such a compromise, except for taking his laptop or tablet apart and pulling out the infected modem module.
Huawei has addressed the issue and the module now performs a secure boot, preventing the use of unauthorized firmware images, the researchers said, adding that the company has been very responsive and great to work with.