Hacking Millions of Modems (and Investigating Who Hacked My Modem)

Presented at DEF CON 32 (2024), Aug. 10, 2024, 2 p.m. (45 minutes).

On December 25th, 2021, I discovered that my modem had been hacked after a strange IP address replayed my traffic. I began researching who they were, how it happened, and eventually discovered a vulnerability which allowed me to passively monitor, change configurations, and execute commands on millions of devices. This talk details 3 years of intermittent web research on ISP security and how broadband equipment is becoming scarily centralized. 1. N. Mavrakis, "Vulnerabilities of ISPs," in IEEE Potentials, vol. 22, no. 4, pp. 9-15, Oct.-Nov. 2003, doi: 10.1109/MP.2003.1238687 2. I Hunt TR-069 Admins: Pwning ISPs Like a Boss (Shahar Tal, August 2014, [link](https://www.youtube.com/watch?v=rz0SNEFZ8h0)) 3. TR-069 Wikipedia [link](https://en.wikipedia.org/wiki/TR-069#Security) 4. Cox Communications VDP [link](https://www.cox.com/aboutus/policies/cox-security-responsible-disclosure-policy.html)

Presenters:

  • Sam Curry - Founder at Palisade
    Sam Curry is a web security researcher, bug bounty hunter, and the founder of Palisade, a security consultancy.

Similar Presentations: