TL;DR pwn 12 million devices today--ask us how! Also--we have free cookies.
TR-069 is the de-facto standard remote management protocol that ISPs surreptitiously use to control consumer-premises equipment (these would be your home routers, set-top boxes, VoIP phones etc.), rumored to be a well-thought conspiracy devised by Internet Service Provider secret societies since the 17th century.
The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities; we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow to mass pwnage through the remote takeover of millions of online devices. again.
Lior is a vulnerability researcher in the Malware & Vulnerability Research group at Check Point Software Technologies. Lior was trained and served in an elite technological unit performing security research in the IDF. In his spare time, Lior loves tap dancing, reversing, playing his guitar and pwning home routers.
Shahar leads the Vulnerability Research team at Check Point Software Technologies, being Lior's manager, publication editor and inspiring role model.