In this work, we demonstrate the feasibility of the large-scale scanning over the 3G/4G intranet. First, we adapt the Nmap scanner for 3G/4G intranets. We use it to scan more than 16 million mobile users of the three main ISPs in China, including China Mobile, China Telecom and China Unicom. During our scanning, we find that 2% of the scanned devices are installed with apps containing the WormHole vulnerability.

by Guangdong Bai, Zhang Qing

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-17/brie...