The rapid expansion of Wi-Fi as the medium of choice for home networking has introduced an explosion of new products from both new and established manufacturers. If you’re a developer or QA testing looking to prove your implementation works, or a service provider testing before deployment, you’ve probably learned that testing Wi-Fi involves more than just physical and MAC layer performance and interoperability. What else should you test to ensure that your devices will work well in the real world? Read more...
Security in home networking devices, particular home Wi-Fi routers, has come to the forefront in the last few years. While many of the discovered vulnerabilities are zero-day (meaning they are new vulnerabilities that can be exploited before they are known), some of the more recent attacks including VPNFilter, are exploiting common weaknesses in consumer router design that have been well known for some time. Security requirements vs. best practices Read more...
CDRouter 10.6 is now available! This release has some amazing new tests and features for TR-069 testing, IPv6, and Wireless WAN. TR-143 performance testing TR-069 includes a set of diagnostic tools defined and controlled through the TR-069 data model, originally outlined in Broadband Forum Technical Report 143 (TR-143), “Enabling Network Throughput Performance Tests and Statistical Monitoring”. Doing these tests requires triggering a CWMP endpoint to do things like download from an HTTP server, which also requires an HTTP server to be set up as part of your testing. Read more...
If you’re developing a device or deployment that uses the CPE WAN Management Protocol (TR-069), like managed Wifi or other services, what should you test for? What are the benefits of automating it with a dedicated test platform? What are the benefits of getting certified or asking your vendors to certify? Basic components of TR-069 If you’ve been through our TR-069 training series, you’ve seen an in-depth look at all of the pieces that make CWMP work. Read more...
Earlier we posted about new issues we’ve discovered with ARP implementations in the areas of security and robustness. In CDRouter 10.5 we added new tests to handle these discoveries. Here’s how they work: Testing These Issues with CDRouter Basic Tests The first three tests in the new ARP module, arp_1, arp_2, and arp_3, are basic tests that are designed to verify that the Device Under Test (DUT) responds to different types of ARP requests from clients on the LAN. Read more...
by Joe McEachern & Matt Langlois What is old is new again In today’s security-focused world, every protocol is a potential attack point, even a protocol as old and localized as ARP. ARP was originally defined in 1982 as RFC 826. Despite its age, Linux kernel code for ARP is still being actively developed. There have been more than 10 commits (11 as of October 2017) made to the net/ipv4/arp. Read more...
CDRouter 10.5 is now available! We’ve brought huge leaps in CDRouter’s wireless test capability, some critical tests for ARP vulnerabilities, and more: New wireless tests As Wifi becomes the technology of choice for the home network, the demands on Wifi APs and Wifi gateways are getting more nad more intense. We’ve added five new tests in our Wifi test module that flex a DUT’s handling of association, and that Wifi beacons are compliant with the standard. Read more...
Test your devices before attackers do. It’s no question now - malicious attackers are targeting the home network, and the gateway in particular. Testing for security vulnerabilities can be tedious and ineffective if you don’t have a controlled, repeatable, and fully automated test environment. Join the CDRouter team as we show you: How to test the functional performance of your security tools like parental controls, firewalls, and the security of your user interfaces. Read more...
CDRouter 10.3 is now available! We recently teased the release of CDRouter DOCSIS, and 10.3 contains that plus much more. Introducing CDRouter DOCSIS Testing both your cable modem and eRouter together in an automated, repeatable way has never been easy. With our new DOCSIS add-on, we’ve added all of the common DOCSIS configuration services so you can flex CDRouter’s power with both cable modems and complex eRouters that include Wifi, firewalls, and other user-critical services - all at once, all overnight, and completely automated. Read more...
CDRouter 10.4 is now available! With some major features and upgrades to performance, TR-069, and more, it’s a great time to upgrade your CDRouter system. Application Latency Performance Testing When it comes to performance testing, layer 2 throughput testing is what most tools stick to. But is it enough? No - “line rate” can only mean so much. CDRouter 10.4 introduces application specific latency test cases for DHCP, DNS, and ICMP, to help you exercise how your devices will actually behave from an end user’s perspective. Read more...
For our article on the alleged TR-069 vulnerability during the Mirai bot scare, go here. As one of the most largely deployed broadband management protocols in the world, TR-069 has quite a footprint, and a compromised system could potentially affect many broadband subscribers adversely. Luckily, TR-069 is built to operate on secure transport protocols. While there is nothing inherently insecure to the protocol itself, improper implementation of TR-069 clients and servers may expose problems that can be exploited by malicious attackers, as is the case with any web service. Read more...
Updates in CDRouter 10.3 The scenarios below are serious, and so we’ve added a series of tests to our tr69_conn_req.tcl module to cover your DUT’s TR-069 security and tests for code injection in TR-069 parameters. More on the Mirai worm attack in 2016 In 2016, a distributed denial of service (DDoS) attack dubbed the “Mirai worm” expanded its reach by exploiting a vulnerability in an exposed Broadband Forum TR-064 service (a deprecated service which we’ve written about here). Read more...
Update: Learn more about how this attack could be used against TR-069 devices here. The week of November 28 2016 saw a massive attack on certain home routers deployed by several European service providers. The attack was based on the Mirai Malware attack several weeks previous that affected the dynamic DNS services provided by Dyn, Inc.. The attack focused on sending certain SOAP commands based on the Broadband Forum’s older TR-064 protocol, through port 7547. Read more...
Holes in home gateway security allow for a malicious hacker to take over a gateway in the way they would any other computer system. While the holes in most cases have been complex and deep seated bugs that would be hard to find without a lot of work, there are some easy to find bugs that seem obvious but would be missed without negative testing. The Problem Most application protocols use some method of authentication to ensure security and control identity management of users of the service. Read more...
Well, it’s official, the IETF is deprecating SSL version 3.0. This means that it will no longer be standard to fall back to SSL 3.0 in protocol negotiations, and for good reason: there have been a host of vulnerabilities in Secure Socket Layer, some of which are of particular concern to home networking devices that have web-based configuration tools or support TR-069. We hadn’t brought up the POODLE vulnerability before, but it, along with other vulnerabilities found in older versions of SSL and TLS, can be exploited even if your DUT is using the most recent versions of these protocols. Read more...
Several months ago we talked about the revelations at DEFCON22 concerning web server security of systems meant to deploy TR-069 in a subscriber network. Most of the investigation done surrounded vulnerable ACS - that is, malicious attackers gaining access to the auto-configuration server, allowing them to control many hundreds of thousands of home devices. Recently, the same investigators set their sights on the broadband CPE themselves, and discovered some interesting vulnerabilities, including one dubbed the “Misfortune Cookie”. Read more...
You may have recently heard of a major bug in the OpenSSL implementation, widely used to provide secure communications on the web. This vulnerability is fairly widespread, but has been corrected and will be fixed as more systems are patched. We also made an example capture and explanation of the bug and a packet capture of the attack in action at our CloudShark Appliance website. The security community quickly moved on this vulnerability, and in addition to the OpenSSL patch that is available to fix the problem, there have been several tools built to test servers for the Heartbleed vulnerability. Read more...
CDRouter includes port scanning test cases in the firewall.tcl module which will probe the WAN interface of the DUT for open TCP and UDP ports over IPv4. These open ports provide services either by the DUT or forwarded to internal LAN clients. Users of the CDRouter IPv6 add-on will find they can also perform similar tests over IPv6. Although there are certainly legitimate uses of port scanning, the vast majority of it occurs on the public Internet and is directed toward the WAN ports of random CPEs. Read more...
