Security

How do you test TR-069 enabled devices?

Are you developing a device or deployment that uses the CPE WAN Management Protocol (TR-069), like managed Wifi or other services? When testing TR-069, what should you test for? What are the benefits of automating it with a dedicated test platform? What are the benefits of getting certified or asking your vendors to certify? Join the QA Cafe team as we show you: The different parts of TR-069 and what can and should be tested. Read more...

Automated home gateway security testing

Test your devices before attackers do. It’s no question now - malicious attackers are targeting the home network, and the gateway in particular. Testing for security vulnerabilities can be tedious and ineffective if you don’t have a controlled, repeatable, and fully automated test environment. Join the CDRouter team as we show you: How to test the functional performance of your security tools like parental controls, firewalls, and the security of your user interfaces. Read more...

CDRouter Release 10.3 - DOCSIS, DUT Control, and More

CDRouter 10.3 is now available! We recently teased the release of CDRouter DOCSIS, and 10.3 contains that plus much more.

Introducing CDRouter DOCSIS

Testing both your cable modem and eRouter together in an automated, repeatable way has never been easy. With our new DOCSIS add-on, we’ve added all of the common DOCSIS configuration services so you can flex CDRouter’s power with both cable modems and complex eRouters that include Wifi, firewalls, and other user-critical services - all at once, all overnight, and completely automated. Read more...

CDRouter Release 10.4 - GRE, Application Latency, TR-069 Bootstrap, and more

CDRouter 10.4 is now available! With some major features and upgrades to performance, TR-069, and more, it’s a great time to upgrade your CDRouter system.

Application Latency Performance Testing

When it comes to performance testing, layer 2 throughput testing is what most tools stick to. But is it enough? No - “line rate” can only mean so much. CDRouter 10.4 introduces application specific latency test cases for DHCP, DNS, and ICMP, to help you exercise how your devices will actually behave from an end user’s perspective. Read more...

Best Practices for Securing TR-069

For our article on the alleged TR-069 vulnerability during the Mirai bot scare, go here.

As one of the most widely deployed broadband management protocols in the world, TR-069 has quite a footprint, and a compromised system could potentially affect many broadband subscribers adversely. Luckily, TR-069 is built to operate on secure transport protocols. While there is nothing inherently insecure about the protocol itself, improper implementation of TR-069 clients and servers may expose problems that can be exploited by malicious attackers, as is the case with any web service. Read more...

Is your TR-069 implementation vulnerable to code injection attacks?

Updates in CDRouter 10.3

The scenarios below are serious, and so we’ve added a series of tests to our tr60_conn_req.tcl module to cover your DUT’s TR-069 security and tests for code injection in TR-069 parameters.

More on the Mirai worm attack in 2016

In 2016, a distributed denial of service (DDoS) attack dubbed the “Mirai worm” expanded its reach by exploiting a vulnerability in an exposed Broadband Forum TR-064 service (a deprecated service which we’ve written about here). Read more...

Mirai attack on home routers and alleged TR-069 vulnerability

Update: Learn more about how this attack could be used against TR-069 devices here.

The week of November 28, 2016 saw a massive attack on certain home routers deployed by several European service providers. The attack was based on the Mirai malware attack several weeks earlier that affected the dynamic DNS services provided by Dyn, Inc. The attack focused on sending certain SOAP commands based on the Broadband Forum’s older TR-064 protocol, through port 7547. Read more...

Known Gateway Bugs - Ignoring Credentials

Holes in home gateway security allow a malicious hacker to take over a gateway in the way they would any other computer system. While the holes in most cases have been complex and deep-seated bugs that would be hard to find without a lot of work, there are some easy-to-find bugs that seem obvious but would be missed without negative testing.

The Problem

Most application protocols use some method of authentication to ensure security and control identity management of users of the service. Read more...

What should you test in Wifi mesh enabled routers?

Of all the aspects of broadband service, the one most keenly felt by the end user is the quality of their Wifi network. Wifi is unique in that it is a complex networking system that users are aware of, and they make purchasing decisions for consumer electronics and for broadband service around it. Realizing this, many companies are building Wifi products that specifically target the consumer rather than relying on the provider to deploy Wifi service, using Wifi mesh technology to deploy quality, reliable Wifi throughout the user’s home or business. Read more...

Protecting Against Vulnerabilities in SSL

Well, it’s official: the IETF is deprecating SSL version 3.0. This means that it will no longer be standard to fall back to SSL 3.0 in protocol negotiations, and for good reason: there have been a host of vulnerabilities in Secure Sockets Layer, some of which are of particular concern to home networking devices that have web-based configuration tools or support TR-069. We hadn’t brought up the POODLE vulnerability before, but it, along with other vulnerabilities found in older versions of SSL and TLS, can be exploited even if your DUT is using the most recent versions of these protocols. Read more...

The Misfortune Cookie and Security in the Home Gateway

Several months ago we talked about the revelations at DEFCON22 concerning web server security of systems meant to deploy TR-069 in a subscriber network. Most of that investigation concerned vulnerable ACS - that is, malicious attackers gaining access to the auto-configuration server, allowing them to control many hundreds of thousands of home devices. Recently, the same investigators set their sights on the broadband CPE themselves, and discovered some interesting vulnerabilities, including one dubbed the “Misfortune Cookie”. Read more...

Open SSL Heartbleed Bug in the Home Gateway

You may have recently heard of a major bug in the OpenSSL implementation, widely used to provide secure communications on the web. This vulnerability is fairly widespread, but has been corrected and will be fixed as more systems are patched. We also posted an explanation of the bug and an example packet capture of the attack in action at our CloudShark Appliance website. The security community quickly moved on this vulnerability, and in addition to the OpenSSL patch that is available to fix the problem, there have been several tools built to test servers for the Heartbleed vulnerability. Read more...

Port Scanning Test Configuration for IPv4 and IPv6

CDRouter includes port scanning test cases in the firewall.tcl module which will probe the WAN interface of the DUT for open TCP and UDP ports over IPv4. These open ports provide services either by the DUT or forwarded to internal LAN clients. Users of the CDRouter IPv6 add-on will find they can also perform similar tests over IPv6. Although there are certainly legitimate uses of port scanning, the vast majority of it occurs on the public Internet and is directed toward the WAN ports of random CPEs. Read more...