I Hunt TR-069 Admins - Pwning ISPs Like a Boss

Explore the rising trend of residential gateway exploitation and the vulnerabilities in TR-069/CWMP, the de-facto CPE device management protocol, in this 33-minute conference talk from 44CON Information Security Conference. Delve into the previously under-researched Auto Configuration Server (ACS) software, which controls entire fleets of consumer premises devices for ISPs and Telco providers. Discover how compromising these servers can impact critical numbers of users. Examine several TR-069 ACS platforms, revealing instances of poorly secured deployments that could potentially grant control over hundreds of thousands of devices. Learn about exploits for vulnerabilities discovered in ACS software, including remote code execution on multiple platforms. Gain insights into the security landscape of SOHO routers and the potential risks associated with TR-069 protocol implementation.