Presented at DEF CON 32 (2024), Aug. 10, 2024, 2 p.m. (45 minutes).
On December 25th, 2021, I discovered that my modem had been hacked after a strange IP address replayed my traffic. I began researching who they were, how it happened, and eventually discovered a vulnerability which allowed me to passively monitor, change configurations, and execute commands on millions of devices. This talk details 3 years of intermittent web research on ISP security and how broadband equipment is becoming scarily centralized.
Presenters:
- Sam Curry, Founder at Palisade
Sam Curry is a web security researcher, bug bounty hunter, and the founder of Palisade, a security consultancy.