Sierra Wireless AirLink Raven X EV-DO Vulnerabilities

On 7-Jan 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the US Department of Homeland Security issued an advisory (ICSA-14-007-01) highlighting security vulnerabilities in the Raven X EV-DO. The purpose of this notice is to give further technical background on these vulnerabilities and offer appropriate mitigation strategies.

Technical Background
The vulnerabilities addressed in the advisory relate to the device's firmware update mechanism. During the update process, password data is transmitted to the device. If a malicious entity were able to capture data packets transmitted during the firmware update process, they could use the captured data to reprogram the device at a later time. 

View PDF below for recommended mitigation.

Links of Interest: