A look at TR-06FAIL and other CPE Configuration Management Disasters

Presented at Still Hacking Anyway (SHA2017), Aug. 6, 2017, 2:30 p.m. (60 minutes)

In late 2016 a TR-064 (LAN-side CPE management) misconfiguration in a wide range of CPE devices was disclosed that allowed for remote device takeover. Within days, botnets began exploiting a related command injection issue, leading to widespread internet outages for customers of certain ISP's in the UK and abroad. This talk will explore the impacts of these issues, along with taking a look at some other, related vulnerabilities related to TR-069 (WAN-side CPE management) protocol implementations that could allow for remote takeover of routers en-masse. #NetworkSecurity #DeviceSecurity Will be looking at ACS servers, general TR-069 vulnerabilities, the TR-064 issue, and other epic fails :)

Presenters:

• Darren Martyn
  Security researcher who comes from a forensics/chemistry background, with interests in embedded device security and malware analysis.

Links:

• https://program.sha2017.org/events/176.html

Similar Presentations:

• 31C3 (2014) / Too Many Cooks - Exploiting the Internet-of-TR-069-Things
• ShmooCon XI (2015) / Come to the Dark Side - We Have (Misfortune) Cookies
• DEF CON 22 (2014) / I Hunt TR-069 Admins: Pwning ISPs Like a Boss