Hello, welcome to the Tuesday, April 11th, 2017 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and I am recording from Orlando, Florida.

Jan Hirsch of German security company Securai found an interesting vulnerability in TPLink 3G modems slash routers.

These are devices that you use to connect your systems to 3G or LTE networks.

And the interesting part here is that if this particular device receives a specific SMS message, it will respond with the admin

username and password. Apparently this was a left behind debug features. Of course, these

modems are designed to receive SMS messages and, yes, typically use a little web interface or so to read them

or send messages yourself. There have been similar vulnerabilities like this in the past. Usually

actually one vulnerability that often does show up in these SMSed devices is also the ability to update the firmer

with random URLs that are being passed to the device.

Mr. Hirsch found a number of additional vulnerabilities that are listed in the article,

for example, a StarTech Wi-Fi router that uses a hard-coded admin

password, so the user can't change it. I think that's almost a standard feature in devices like this.

And he also, and that's sort of almost the main point of the article, complains that it's very difficult and fruitless in many cases

to actually report these vulnerabilities to the vendor.

And Google Maps in the headlines again.

If you remember a couple years ago, one thing that often happened with Google Maps was

that people were attaching fake phone numbers

to listings like, for example, FBI offices or IRS offices.

So if someone looked them up via Google Maps, they then received the wrong phone number.

Well, since then, Google has tightened up the

verification process somewhat, but obviously not well enough. And recently, according to

...