Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major Internet Service Providers (ISPs) globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.
Researchers in Check Point’s Malware and Vulnerability Research Group uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations. Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP’s Internet service. Attackers could also steal personal and financial data from huge numbers of businesses and consumers.
Further analysis detected an alarming number of insecure ISPs, vulnerable to remote takeover. Check Point has reported and assisted in fixing all uncovered vulnerabilities.
- If undiscovered, an attacker could have taken control of millions of Internet devices across the world, resulting in the ability to steal personal and financial data from businesses and consumers.
- Many TR-069 deployments include severe security weaknesses. Check Point encourages ISPs and other providers utilizing this protocol to evaluate their security posture immediately.
- Customers with the Check Point Intrusion Prevention System (IPS) Software Blade have automatically received protections against uncovered vulnerabilities.
Check Point will present its TR-069 research findings at DEF CON® 22 on Saturday, August 9, 2014 at 11:00AM PT in The Rio Hotel & Casino, Las Vegas. The session entitled, “I Hunt TR-069 Admins: Pwning ISPs Like a Boss” will be led by Shahar Tal, Vulnerability Research Team Leader at Check Point. More details on the session can be found here: https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Tal.
“Check Point’s mission is to keep one step ahead of malicious attackers. The security flaws uncovered in TR-069 implementations could have resulted in catastrophic attacks against Internet Service Providers and their customers across the world. Our Malware and Vulnerability Research Group continues to focus on uncovering security flaws and developing the necessary real-time protections to secure the Internet,” said Shahar Tal, Vulnerability Research Team Leader at Check Point Software Technologies.
Check Point’s Malware and Vulnerability Research Group regularly performs assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: https://www.checkpoint.com/threatcloud-central/.
Follow Check Point via