Security researchers have discovered a bunch of vulnerabilities affecting 4G hotspots from Chinese handset maker ZTE that could allow a potential hacker to redirect traffic from the hotspot to other malicious websites.
Discovered by a Pen Test Partners researcher, who goes by the name of “Dave Null”, the security flaws in the hotspot devices were disclosed at Defcon — an annual hacking conference held in Las Vegas on Saturday, CNET reported.
According to Null, in order to exploit the vulnerabilities, an attacker only needed the victim to visit a malicious website using one of ZTE’s hotspots.
Once the attacker had the password to the hotspot, there were plenty of options for further hacks.
The hacker could start logging a person’s web activity, use the hotspot as a way to attack devices connected to it and redirect web traffic to more malicious websites, the report said.
Null claimed that the vulnerabilities are likely to apply to more ZTE products in the “MF” line because many of the devices share the same code, the report noted.