Too Many Cooks - Exploiting the Internet-of-TR-069-Things

Lior Oppenheim and Shahar Tal

TL;DR We unravel the story of a bug that would become one of the most important vulnerabilities released this year. Also, we have free cookies.
The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities: we analyze client implementations, offer some insight into mysterious results from our internet-wide scans, and follow through to mass pwnage through remote code execution on millions of online devices. Again.