Security B-Sides London 2017
7th of June 2017 at the ILEC Conference Centre 47 Lillie Road, London, SW6 1UD

Welcome to our schedule for the day! For more details on the talks, workshops, please visit our website.
Back To Schedule
Wednesday, June 7 • 16:45 - 17:30
A look at TR-06FAIL and other CPE Configuration Disasters

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In late 2016 a TR-064 (LAN-side CPE management) misconfiguration in a wide range of CPE devices was disclosed that allowed for remote device takeover. Within days, botnets began exploiting a related command injection issue, leading to widespread internet outages for customers of certain ISP's in the UK and abroad.
This talk will explore the impacts of these issues, along with taking a look at some other, related vulnerabilities related to TR-069 (WAN-side CPE management) protocol implementations that could allow for remote takeover of routers en-masse.


Darren Martyn

Security researcher at Xiphos Research, who comes from a forensics/chemistry background, with interests in embedded device security and malware analysis.

Wednesday June 7, 2017 16:45 - 17:30 BST
Track 1