The problem lies in the fact that the modem's firmware lacks a cryptographic signature verification, in itself this doesn't provide a vector for a malware attack but once your system is infected by malware this vulnerability gives malicious software a place to hide where it is extremely hard to detect.
The Intel researchers worked with Huawei on fixing the issue and the module now performs a secure boot, preventing the flashing of unauthorized firmware images.
The malicious firmware could be flashed by a malicious program that already runs on the computer, or by users themselves if an attacker tricks them into thinking that a new update is available.Full details at ComputerWorld.
If successful, the attack would provide a way to reinfect the main OS even if it is reinstalled. Moreover, the rogue firmware could be modified to ignore any subsequent firmware update requests, leaving the user with no option to recover from such a compromise, except for taking his laptop or tablet apart and pulling out the infected modem module.
Huawei has addressed the issue and the module now performs a secure boot, preventing the use of unauthorized firmware images, the researchers said, adding that the company has been very responsive and great to work with.