Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
The routers, manufactured by China-based Milesight IoT Co., Ltd., are rugged Internet of Things devices that use cellular networks to connect traffic lights, electric power meters, and other sorts of remote industrial devices to central hubs. They come equipped with SIM cards that work with 3G/4G/5G cellular networks and can be controlled by text message, Python scripts, and web interfaces.
An unsophisticated, yet effective, delivery vector
Security company Sekoia on Tuesday said that an analysis of “suspicious network traces” detected in its honeypots led to the discovery of a cellular router being abused to send SMS messages with phishing URLs. As company researchers investigated further, they identified more than 18,000 such routers accessible on the Internet, with at least 572 of them allowing free access to programming interfaces to anyone who took the time to look for them. The vast majority of the routers were running firmware versions that were more than three years out of date and had known vulnerabilities.
This is a really eye-opening post! It’s concerning to see how scammers exploit unsecured technology for phishing attempts. Thanks for shedding light on this important issue.
I completely agree! It’s alarming how often unsecured devices can become gateways for scams. It might be worth noting that increasing awareness about securing these routers can help mitigate such risks. Thanks for sharing your thoughts!
You’re right, and it’s surprising how many companies overlook their security measures. It’s crucial for organizations to regularly audit their devices and networks to prevent such vulnerabilities. Awareness is key in combating these scams!
Absolutely, it’s often the overlooked areas that become prime targets. Investing in proper security for these devices can significantly reduce the risk of such scams. Regular audits and updates can make a big difference!
You’re right, overlooked areas can be major vulnerabilities. It’s interesting to note that even basic security measures, like changing default passwords on devices, can significantly reduce the risk of these kinds of attacks.
You’re absolutely right about overlooked vulnerabilities! It’s fascinating how something as seemingly simple as an unsecured router can lead to widespread scams. It highlights the importance of securing all devices, not just the obvious ones.