TL;DR pwn 12 million devices today--ask us how! Also--we have free cookies.
TR-069 is the de-facto standard remote management protocol that ISPs surreptitiously use to control consumer-premises equipment (these would be your home routers, set-top boxes, VoIP phones etc.), rumored to be a well-thought conspiracy devised by Internet Service Provider secret societies since the 17th century.
The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities; we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow to mass pwnage through the remote takeover of millions of online devices. again.