[Cryptography] Anyone else seeing an uptick in infected IoT devices? New botnet?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Dec 7 21:26:59 EST 2016
Jerry Leichter <leichter at lrw.com> writes:
>See "New Mirai Worm Knocks 900K Germans Offline"
>(https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/)
>and "Researchers Find Fresh Fodder for IoT Attack Cannons"
>(https://krebsonsecurity.com/2016/12/researchers-find-fresh-fodder-for-iot-attack-cannons/)
>for two recent examples.
Ugh, as soon as I saw the title of that first one I thought "TR-069", and
sure enough:
"incoming traffic destined for Port 7547 using communications protocols
known as TR-069"
If ever there was a protocol was designed to be insecure, it's that. And
what's worse is that in many SOHO-level routers it's impossible to disable,
since it's used by ISPs and vendors and everyone between Murmansk and Yakutsk
with an Internet connection to provision the routers.
For anyone not familiar with this horror, see
https://www.broadband-forum.org/technical/download/TR-069.pdf.
Peter.
More information about the cryptography
mailing list