A look at TR-06FAIL and other CPE Configuration Management Disasters (SHA2017)

Chaos Computer Club - SHA2017: Still Hacking Anyway (mp3) · Darren Martyn

August 5, 201738m 41s

Audio is streamed directly from the publisher (cdn.media.ccc.de) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

In late 2016 a TR-064 (LAN-side CPE management) misconfiguration in a wide range of CPE devices was disclosed that allowed for remote device takeover. Within days, botnets began exploiting a related command injection issue, leading to widespread internet outages for customers of certain ISP's in the UK and abroad. This talk will explore the impacts of these issues, along with taking a look at some other, related vulnerabilities related to TR-069 (WAN-side CPE management) protocol implementations that could allow for remote takeover of routers en-masse. #NetworkSecurity #DeviceSecurity about this event: https://c3voc.de

Topics

SHA2017176

← All episodes of Chaos Computer Club - SHA2017: Still Hacking Anyway (mp3)