It is all over the news: about 900,000 Deutsche Telekom DSL customers were hit by a wide cyber attack related to the **Mirai botnet** and went offline for quite a while.
What really happened?
- In November an exploit for a router was published. Carriers routinely send management commands to home routers using a protocol dubbed TR-069. A remote command execution vulnerability was found in the service listening for TR-069 commands.
- Someone weaponized a similar exploit and deployed it on a large scale, targeting Deutsche Telekom routers, but something went wrong, and the rest is history.
What is TR-069?
TR-069 is the abbreviation of Technical Report 069, a technical specification that defines a protocol for remote management of end-user devices (i.e. home routers).