DeepAI AI Chat
Log In Sign Up

Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069

by   Maximilian Hils, et al.
Leopold Franzens Universität Innsbruck

TR-069 is a standard for the remote management of end-user devices by service providers. Despite being implemented in nearly a billion devices, almost no research has been published on the security and privacy aspects of TR-069. The first contribution of this paper is a study of the TR-069 ecosystem and techniques to inspect TR-069 communication. We find that the majority of analyzed providers do not use recommended security measures, such as TLS. Second, we present a TR-069 honeyclient to both analyze TR-069 behavior of providers and test configuration servers for security vulnerabilities. We find that popular open-source configuration servers use insecure methods to authenticate clients. TR-069 implementations based on these servers expose, for instance, their users' internet telephony credentials. Third, we develop components for a distributed system to continuously monitor activities in providers' TR-069 deployments. Our setup consists of inexpensive hardware sensors deployed on customer premises and centralized log collectors. We perform real-world measurements and find that the purported security benefits of TR-069 are not realized as providers' firmware update processes are lacking.


Characterizing the VPN Ecosystem in the Wild

With the shift to working remotely after the COVID-19 pandemic, the use ...

An approach to evaluation of common DNS misconfigurations

DNS is a basic Internet service which almost all other user services dep...

Revisiting Email Spoofing Attacks

The email system is the central battleground against phishing and social...

Practical Traffic Analysis Attacks on Secure Messaging Applications

Instant Messaging (IM) applications like Telegram, Signal, and WhatsApp ...

"All of them claim to be the best": Multi-perspective study of VPN users and VPN providers

As more users adopt VPNs for a variety of reasons, it is important to de...