Is this the home network snooping protocol? Will 369 be any more intrusive?
TR-069, a protocol that made broadband manageable, turns 20. What's coming next?
Technical report 69, or TR-069, which defines how people's broadband routers and other customer-premises equipment can be remotely provisioned and managed by ISPs automatically, is turning 20 years old. It's a protocol that made providing broadband internet a lot easier and more straightforward for subscribers. Now's the time for …
COMMENTS
Friday 24th May 2024 14:26 GMT Peter Gathercole
Ditto.
I always turn it off. I want to manage the devices on my network, not have the ISP do it. I run with lots of options changed anyway, like I never use 192.168.0 as the address range for my internal devices, and I also run DHCP off another device, not the router (I have found that some routers' DHCP implementations have a limit on the number of devices they can track the leases for, and I have a lot of devices on my network).
I don't want these things changed remotely if the ISP thinks they're not right!
-
Tuesday 11th June 2024 08:36 GMT hugo tyson
Re: Ditto squared
I turned it off when they kept changing the WiFi channel(s) to useless ones, and when by happenstance I realised the account website had a map of all my devices. MYOB about that one.
The solution from the ISP to "it keeps screwing up the WiFi" was to send a new router (!) which had the ability to turn it off. How stupid is that?
I won't name and shame but it was TalkTalk. (please don't bother with all the "what do you expect" and "use A&A instead" replies... :-) )
-
Friday 24th May 2024 17:11 GMT richdin
Now I am running only my own gear
I discovered TR-069 by accident when the ISP had removed the WiFi password on my box. Took hours of yelling and escalations to have them restore the greyed-out option. Two weeks later they did it again. Dumped that ISP and now only use my personally owned hardware. In retrospect I guess they did me a favor.
-
Sunday 26th May 2024 03:57 GMT Anonymous Coward
Re: Now I am running only my own gear
Pick an ailing democratic autocracy near you, and you will find TR-069 is a ubiquitous feature built into Customer Premises Equipment for several reasons that are constantly misunderstood. In most of these states, routers, gateways and modems with this 'feature' are supplied by the network provider, under the approval of state regulators and agencies.
1. Providers say they want to be able to look after their customers' kit, 'configure it for network changes', and like the idea that they can force firmware updates into the customer systems. To do so, they are invariably happy to customise the firmware on these devices to prevent the subscriber from having any access whatsoever. In the event that their management or the firmware of the device fails, the customer is left in the dark, and open to any exploitable settings or vulns that the device has.
2. Many providers are not capable of maintaining kit in their own networks, let alone the equipment at the Customer Premises. Commonly it is never updated, and can even contain logical or configuration/service vulnerabilities when first installed.
3. Govs think it's good for everyone that their employees and contractors can gain access at will, (run nmap, pull logs, packet captures, collect credentials, and even start directly targeting the customer's security controls using the device to leap-frog in and out, exfiltrate data, etc.) or if they decide a citizen needs to be digitally investigated via their online 'back-end'.
4. None seem to care that hackers are able to exploit this back-door and any subsequent vulns to attack large numbers of subscribers in target geos, with the knowledge that few are watching and that the targets are unable to see any traces (logs, droplets, tools, and impacts).
5. Some networks ***require***, yep... they even mandate, the use of kit that has TR-069 implemented in each customer endpoint. If the network provider's kit is substituted, the equipment fingerprint will be different, and services withdrawn.
In these states, thou shalt not resist.