Sourced by TelecomTV's TRACKER platform
from Deutsche Telekom Media Center

The "open interface" myth: what really happened

Via Deutsche Telekom Media Center

Dec 1, 2016

Since yesterday, there has been rampant speculation about alleged vulnerabilities in connection with a broad-based external attack on the Speedport routers of Deutsche Telekom customers. We have compiled detailed background information below that we hope will bring some objectivity to the discussion.

Deutsche Telekom uses the TR-069 protocol, a standard defined by the Broadband Forum, for the secure remote maintenance of Speedport routers, a feature called "Easy Support". This feature enables, for example, the installation of firmware updates and the configuration of specific devices, as well as fault diagnosis when requested by the customer. All remote maintenance functions require the user device to initiate a secure connection, protected by the latest encryption standards, with Deutsche Telekom's auto-configuration server (ACS). The ACS is the network-side component for the remote maintenance functions. Therefore, it is not possible to access the data model on a user device through a connection initiated from the Internet. The following events cause a user device to log on to the ACS:

  • The user device is restarted or the Internet connection was interrupted and is re-established.
  • The user device is online and a predefined time interval has passed.
  • The ACS requested the user device to connect. This "connection request" is defined in the TR-069 standard.

For the connection request to work, the ACS must be able to access the user device over the Internet. The standard defines port 7547/tcp for this function and all Speedport routers use this port. The connection request is sent using the HTTP protocol. On Speedport routers, a variety of security features protect this mechanism against misuse. For example, the ACS has to authenticate itself on the user device using a device-specific password. To reiterate: when a connection request is sent, it triggers the user device to create a secure connection to a preconfigured ACS at Deutsche Telekom. In general, the connection request does not permit access to the data model on the user device.
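One way an operator could monitor the connection-request path described above, as an added example that is not part of Deutsche Telekom's statement: since only the ACS is meant to send connection requests to 7547/tcp, flow records to that port from any other source are flagged, and sources that reach several routers are listed separately. The ACS address range, the threshold and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

CR_PORT = 7547  # TR-069 connection-request port named in the statement
# Assumption: the operator's ACS address range (documentation prefix, constructed)
ACS_NETS = [ipaddress.ip_network("192.0.2.0/28")]
SWEEP_THRESHOLD = 3  # assumption: distinct routers reached before a source is a "sweeper"

# Constructed flow records: timestamp, source, destination, dest port, protocol
SAMPLE_FLOWS = """\
2016-12-01T09:00:01Z 192.0.2.5 203.0.113.10 7547 tcp
2016-12-01T09:00:02Z 198.51.100.77 203.0.113.10 7547 tcp
2016-12-01T09:00:02Z 198.51.100.77 203.0.113.11 7547 tcp
2016-12-01T09:00:03Z 198.51.100.77 203.0.113.12 7547 tcp
2016-12-01T09:00:04Z 198.51.100.9 203.0.113.10 7547 tcp
2016-12-01T09:00:05Z 198.51.100.77 203.0.113.10 443 tcp
2016-12-01T09:00:06Z 192.0.2.200 203.0.113.11 7547 tcp
2016-12-01T09:00:07Z truncated-record
"""

def is_acs(addr):
    """True if addr belongs to the configured ACS range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ACS_NETS)

def non_acs_requests(flow_text):
    """Map each non-ACS source to the routers it contacted on 7547/tcp."""
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip malformed records
        _ts, src, dst, dport, proto = parts
        if proto == "tcp" and int(dport) == CR_PORT and not is_acs(src):
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items()}

def sweepers(report):
    """Sources that reached at least SWEEP_THRESHOLD distinct routers."""
    return sorted(s for s, d in report.items() if len(d) >= SWEEP_THRESHOLD)

if __name__ == "__main__":
    report = non_acs_requests(SAMPLE_FLOWS)
    for src, dsts in report.items():
        print(src, "->", ", ".join(dsts))
    print("sweeping sources:", sweepers(report))
```
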

Vulnerabilities in remote maintenance functions for Internet routers that use the TR-069 protocol were already published several years ago. Deutsche Telekom monitored and assessed these publications. In addition, we also examined our own infrastructure for potential vulnerabilities. All the publications that Deutsche Telekom has become aware of in recent years essentially involved the security of the network-side component for TR-069, the ACS.

The current attacks did not involve the ACS, however, but rather the endpoint for the connection request on the user device, which can be reached via port 7547/tcp. The attack method that was used is new and was previously unknown. According to our current information, it is based on a publication on the Internet from early November 2016. This publication describes a severe vulnerability in the implementation of the connection request on a router model produced by a third-party manufacturer, one that Deutsche Telekom does not use or distribute. The vulnerability not only allows access to the device's data model, but also the injection of code that then runs on the affected router.

We suspect that the current extensive attacks on Internet routers, which also affect Deutsche Telekom customers, were launched over port 7547/tcp based on this publication. According to our analysis, the objective of the attack is to install malware on the routers to add them to a botnet – meaning they could be used as the remote-controlled infrastructure for future attacks.

The current attack was not designed to target Deutsche Telekom's Speedport routers, which means it does not exploit any vulnerability in Deutsche Telekom's Speedport routers. According to our current information, no Speedport routers are affected by the problem described in the Internet publication. This means it is not possible to install or run malware on a Speedport router with this method.

It is correct, however, that the extensive attacks resulted in malfunctions on individual Speedport models, which deactivated key router functions such as the DNS proxy. For our customers, this means their Internet access and IP telephony, for example, are disrupted. Thanks to network-side filter mechanisms we have implemented in the interim, restarting the device will usually solve such problems. In addition, firmware updates are already available for the most widely used router models – Speedport W 921V (incl. Fiber), Speedport W 723V model A, Speedport W 504V and Speedport entry I – that further improve the robustness of these models. These updates will be distributed to the devices through the Easy Support remote maintenance function and are also available to download at www.telekom.de/stoerung.

This content extract was originally sourced from an external website (Deutsche Telekom Media Center) and is the copyright of the external website owner. TelecomTV is not responsible for the content of external websites.
