A few words on TR-069

Posted on November 27, 2016 in Blog • 1 min read

It is all over the news: about 900,000 Deutsche Telekom DSL customers have been hit by a wide cyber attack related to the **Mirai botnet** and went offline for quite a while.

There are many analyses around, so I do not want to spend more words on the Internet of Things (IoT), the malware and the exploit used, or the attribution dice.

So what?

What was the reaction? It is always time for a meme.

[Meme image: panic attacks]

What really happened?

  • In November an exploit for a router was published. Carriers commonly send management commands to home routers using a protocol dubbed TR-069. A remote command execution vulnerability was found in the service listening for TR-069 commands.
  • Someone weaponized a similar exploit and deployed it on a large scale, targeting Deutsche Telekom routers, but something went wrong, and the rest is history.

What is TR-069?

TR-069 is the abbreviation of Technical Report 069, a technical specification that defines a protocol for remote management of end-user devices (i.e. home routers).

What about security?