TR-069, a protocol that made broadband manageable, turns 20. What's coming next?

Technical report 69, or TR-069, which defines how people's broadband routers and other customer-premises equipment can be remotely provisioned and managed by ISPs automatically, is turning 20 years old. It's a protocol that made providing broadband internet a lot easier and more straightforward for subscribers. Now's the time for …

  1. Nick.fox

    Is this the home network snooping protocol? Will 369 be any more intrusive?

    1. Oh Matron!

      In the VERY first paragraph

      "TR-069, which defines how people's broadband routers and other customer-premises equipment can be remotely provisioned and managed by ISPs automatically"

    2. jlturriff

      Yeeeessss... that bulk data collection "feature" (it's also in TR-069) is rather unnerving; looks like it can return maps of one's local network devices. Also, what prevents one's ISP from bulk collecting one's data traffic?

      1. Martin an gof Silver badge

        So long as my next router has an option to turn it off, I'll be fine. I've had 069 turned off at the router since I first worked out what it was and why I didn't need it.

        M.

        1. Peter Gathercole Silver badge

          Ditto.

          I always turn it off. I want to manage the devices on my network, not have the ISP do it. I run with lots of options changed anyway, like I never use 192.168.0 as the address range for my internal devices, and I also run DHCP off another device, not the router (I have found that some routers' DHCP implementation has a limit on the number of devices they can track the leases for, and I have a lot of devices on my network).

          I don't want these things changed remotely if the ISP thinks they're not right!

          1. Michael Wojcik Silver badge

            Re: Ditto.

            I've never even seen it on any home router I've had or set up for anyone else. Is this a European thing?

            1. I could be a dog really Bronze badge

              Re: Ditto.

              You won't see it on a lot of routers - especially the ISP-provided ones. Reason? They don't want you to be turning it off and creating support issues.

              It's just one of the many reasons for not using ISP supplied routers.

          2. hugo tyson

            Re: Ditto squared

            I turned it off when they kept changing the WiFi channel(s) to useless ones, and when by happenstance I realised the account website had a map of all my devices. MYOB about that one.

            The solution from the ISP to "it keeps screwing up the WiFi" was to send a new router (!) which had the ability to turn it off. How stupid is that?

            I won't name and shame but it was TalkTalk. (please don't bother with all the "what do you expect" and "use A&A instead" replies... :-) )

  2. richdin

    Now I am running only my own gear

    I discovered TR-069 by accident when the ISP had removed the WiFi password on my box. Took hours of yelling and escalations to have them restore the greyed-out option. Two weeks later they did it again. Dumped that ISP and now only use my personally owned hardware. In retrospect I guess they did me a favor.

    1. Anonymous Coward

      Re: Now I am running only my own gear

      Pick an ailing democratic autocracy near you, and you will find TR-069 is a ubiquitous feature built into Customer Premises Equipment for several reasons that are constantly misunderstood. In most of these states, routers, gateways and modems with this 'feature' are supplied by the network provider, under the approval of state regulators and agencies.

      1. Providers say they want to be able to look after their customers' kit, 'configure it for network changes', and like the idea that they can force firmware updates into the customer systems. To do so, they are invariably happy to customise the firmware on these devices to prevent the subscriber from having any access whatsoever. In the event that their management or the firmware of the device fails, the customer is left in the dark, and open to any exploitable settings or vulns that the device has.

      2. Many providers are not capable of maintaining kit in their own networks, let alone the equipment at the Customer Premises. Commonly it is never updated, and can even contain logical or configuration/service vulnerabilities when first installed.

      3. Govs think it's good for everyone that their employees and contractors can gain access at will (run nmap, pull logs, packet captures, collect credentials, and even start directly targeting the customer's security controls using the device to leap-frog in and out, exfiltrate data, etc.) or if they decide a citizen needs to be digitally investigated via their online 'back-end'.

      4. None seem to care that hackers are able to exploit this back-door and any subsequent vulns to attack large numbers of subscribers in target geos, with the knowledge that few are watching and that the targets are unable to see any traces (logs, droplets, tools, and impacts).

      5. Some networks ***require***, yep... they even mandate, the use of kit that has TR-069 implemented in each customer endpoint. If the network provider's kit is substituted, the equipment fingerprint will be different, and services withdrawn.

      In these states, thou shalt not resist.
