Deutsche Telekom fault affects 900,000 customers

Found on BBC News on Monday, 28 November 2016

"Based on the error pattern, we cannot exclude the possibility that the routers have been targeted by external parties with the result that they can no longer register on the network."

The company, which has 20 million customers in Germany, has issued a software update and is asking affected customers to disconnect their routers.

According to other security news, the reason behind it is a simple exploit attempt against some router models. Basically, port 7547 was open, and the TR-069 implementation listening on it allowed code execution. Judging from the payload, the router not only evaluated backticked code in an NTP-server SOAP value, but ran it with privileges high enough to cause problems. If all that turns out to be true, it leaves Telekom red-faced, because with even the most basic input validation this would have been a non-issue. Not to mention that TR-069 is already a security issue in itself.
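The kind of basic input validation meant above, as an added example (not code from the router firmware or from any vendor): an allowlist check that accepts an NTP server value only if it is an IP literal or a plain hostname. The function names and the sample values are assumptions made for this sketch.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static bool ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Accept only an IPv4/IPv6 literal or an RFC 1123 style hostname. */
bool ntp_host_is_valid(const char *s)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len, label = 0;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return false;
    if (inet_pton(AF_INET, s, addr) == 1 || inet_pton(AF_INET6, s, addr) == 1)
        return true;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')   /* empty label or trailing '-' */
                return false;
            label = 0;
        } else if (ascii_alnum(c) || (c == '-' && label > 0)) {
            if (++label > 63)
                return false;
        } else {
            return false;   /* backtick, $, ;, |, quotes, whitespace, ... */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Hypothetical setter: store the value only if it validates. Returns 0 or -1. */
int ntp_set_server(char *dst, size_t dstlen, const char *value)
{
    if (!ntp_host_is_valid(value) || strlen(value) >= dstlen)
        return -1;
    memcpy(dst, value, strlen(value) + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the incident. */
    const char *samples[] = { "pool.ntp.org", "192.0.2.1", "`cmd`", "time.example.net`cmd`" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s %s\n", samples[i], ntp_host_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation is one layer; the stored value should also reach the NTP client as a separate argument (for example via execv) rather than being interpolated into a string passed to system(), so that nothing is ever interpreted by a shell.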