CDRouter release 11.1 includes new test capability for MAP-E, and a custom built security test suite to validate the security of broadband edge networking devices. Keep reading

Our official press release on the security test package included with CDRouter 11.1. Keep reading

Testing Wi-Fi at the physical and MAC layer is not enough. How will real applications perform on your devices? Keep reading

Security in home networking devices, particular home Wi-Fi routers, has come to the forefront in the last few years. While many of the discovered vulnerabilities are zero-day (meaning they are new vulnerabilities that can be exploited before they are known), some of the more recent attacks including VPNFilter, are exploiting common weaknesses in consumer router design that have been well known for some time. Security requirements vs. best practices Keep reading

CDRouter release 10.6 includes support for Broadband Forum TR-143 Keep reading

If you’re developing a device or deployment that uses the CPE WAN Management Protocol (TR-069), like managed Wifi or other services, what should you test for? What are the benefits of automating it with a dedicated test platform? What are the benefits of getting certified or asking your vendors to certify? Basic components of TR-069 If you’ve been through our TR-069 training series, you’ve seen an in-depth look at all of the pieces that make CWMP work. Keep reading

Earlier we posted about new issues we’ve discovered with ARP implementations in the areas of security and robustness. In CDRouter 10.5 we added new tests to handle these discoveries. Here’s how they work: Testing These Issues with CDRouter Basic Tests The first three tests in the new ARP module, arp_1, arp_2, and arp_3, are basic tests that are designed to verify that the Device Under Test (DUT) responds to different types of ARP requests from clients on the LAN. Keep reading

by Joe McEachern & Matt Langlois What is old is new again In today’s security-focused world, every protocol is a potential attack point, even a protocol as old and localized as ARP. ARP was originally defined in 1982 as RFC 826. Despite its age, Linux kernel code for ARP is still being actively developed. There have been more than 10 commits (11 as of October 2017) made to the net/ipv4/arp. Keep reading

CDRouter release 10.5 expands wireless testing and set up using TR-069. Learn and test for vulnerabilities in ARP. Easily compare your results from one test run to the next. Keep reading

Test your devices before attackers do. It’s no question now - malicious attackers are targeting the home network, and the gateway in particular. Testing for security vulnerabilities can be tedious and ineffective if you don’t have a controlled, repeatable, and fully automated test environment. Join the CDRouter team as we show you: How to test the functional performance of your security tools like parental controls, firewalls, and the security of your user interfaces. Keep reading

CDRouter 10.3 is now available! We recently teased the release of CDRouter DOCSIS, and 10.3 contains that plus much more. Introducing CDRouter DOCSIS Testing both your cable modem and eRouter together in an automated, repeatable way has never been easy. With our new DOCSIS add-on, we’ve added all of the common DOCSIS configuration services so you can flex CDRouter’s power with both cable modems and complex eRouters that include Wifi, firewalls, and other user-critical services - all at once, all overnight, and completely automated. Keep reading

Test GRE tunnels, emulate a TR-069 ACS, and test your application latency performance Keep reading

For our article on the alleged TR-069 vulnerability during the Mirai bot scare, go here. As one of the most largely deployed broadband management protocols in the world, TR-069 has quite a footprint, and a compromised system could potentially affect many broadband subscribers adversely. Luckily, TR-069 is built to operate on secure transport protocols. While there is nothing inherently insecure to the protocol itself, improper implementation of TR-069 clients and servers may expose problems that can be exploited by malicious attackers, as is the case with any web service. Keep reading

Updates in CDRouter 10.3 The scenarios below are serious, and so we’ve added a series of tests to our tr69_conn_req.tcl module to cover your DUT’s TR-069 security and tests for code injection in TR-069 parameters. More on the Mirai worm attack in 2016 In 2016, a distributed denial of service (DDoS) attack dubbed the “Mirai worm” expanded its reach by exploiting a vulnerability in an exposed Broadband Forum TR-064 service (a deprecated service which we’ve written about here). Keep reading

Update: Learn more about how this attack could be used against TR-069 devices here. The week of November 28 2016 saw a massive attack on certain home routers deployed by several European service providers. The attack was based on the Mirai Malware attack several weeks previous that affected the dynamic DNS services provided by Dyn, Inc.. The attack focused on sending certain SOAP commands based on the Broadband Forum’s older TR-064 protocol, through port 7547. Keep reading

Holes in home gateway security allow for a malicious hacker to take over a gateway in the way they would any other computer system. While the holes in most cases have been complex and deep seated bugs that would be hard to find without a lot of work, there are some easy to find bugs that seem obvious but would be missed without negative testing. The Problem Most application protocols use some method of authentication to ensure security and control identity management of users of the service. Keep reading

The IETF deprecated SSL version 3.0 in 2015. This means that it is no longer be standard to fall back to SSL 3.0 in protocol negotiations, and for good reason: there have been a host of vulnerabilities in Secure Socket Layer, some of which are of particular concern to home networking devices that have web-based configuration tools or support TR-069. We hadn’t brought up the POODLE vulnerability before, but it, along with other vulnerabilities found in older versions of SSL and TLS, can be exploited even if your DUT is using the most recent versions of these protocols. Keep reading

DEFCON22 had a number of revelations concerning web server security of systems meant to deploy TR-069 in a subscriber network. Most of the investigation done surrounded vulnerable ACS - that is, malicious attackers gaining access to the auto-configuration server, allowing them to control many hundreds of thousands of home devices. Recently, the same investigators set their sights on the broadband CPE themselves, and discovered some interesting vulnerabilities, including one dubbed the “Misfortune Cookie”. Keep reading

You may have recently heard of a major bug in the OpenSSL implementation, widely used to provide secure communications on the web. This vulnerability is fairly widespread, but has been corrected and will be fixed as more systems are patched. We also made an example capture and explanation of the bug and a packet capture of the attack in action at our CloudShark Appliance website. The security community quickly moved on this vulnerability, and in addition to the OpenSSL patch that is available to fix the problem, there have been several tools built to test servers for the Heartbleed vulnerability. Keep reading

CDRouter includes port scanning test cases in the firewall.tcl module which will probe the WAN interface of the DUT for open TCP and UDP ports over IPv4. These open ports provide services either by the DUT or forwarded to internal LAN clients. Users of the CDRouter IPv6 add-on will find they can also perform similar tests over IPv6. Although there are certainly legitimate uses of port scanning, the vast majority of it occurs on the public Internet and is directed toward the WAN ports of random CPEs. Keep reading