Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069

01/08/2020
by   Maximilian Hils, et al.
0

TR-069 is a standard for the remote management of end-user devices by service providers. Despite being implemented in nearly a billion devices, almost no research has been published on the security and privacy aspects of TR-069. The first contribution of this paper is a study of the TR-069 ecosystem and techniques to inspect TR-069 communication. We find that the majority of analyzed providers do not use recommended security measures, such as TLS. Second, we present a TR-069 honeyclient to both analyze TR-069 behavior of providers and test configuration servers for security vulnerabilities. We find that popular open-source configuration servers use insecure methods to authenticate clients. TR-069 implementations based on these servers expose, for instance, their users' internet telephony credentials. Third, we develop components for a distributed system to continuously monitor activities in providers' TR-069 deployments. Our setup consists of inexpensive hardware sensors deployed on customer premises and centralized log collectors. We perform real-world measurements and find that the purported security benefits of TR-069 are not realized as providers' firmware update processes are lacking.

READ FULL TEXT
research
02/13/2023

Characterizing the VPN Ecosystem in the Wild

With the shift to working remotely after the COVID-19 pandemic, the use ...
research
11/15/2017

An approach to evaluation of common DNS misconfigurations

DNS is a basic Internet service which almost all other user services dep...
research
01/02/2018

Revisiting Email Spoofing Attacks

The email system is the central battleground against phishing and social...
research
05/01/2020

Practical Traffic Analysis Attacks on Secure Messaging Applications

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp ...
research
09/21/2023

A survey of trends and motivations regarding Communication Service Providers' metro area network implementations

Relevance of research on telecommunications networks is predicated upon ...
research
11/16/2020

Analyzing Current Interference Situations of Connected Devices Using Context-Information and the Centralized Broker-Approach

The digitalization of manufacturing processes is leading to a highly inc...
research
08/06/2022

"All of them claim to be the best": Multi-perspective study of VPN users and VPN providers

As more users adopt VPNs for a variety of reasons, it is important to de...

Please sign up or login with your details

Forgot password? Click here to reset