The cable industry has evolved from being a carrier of video to the supplier of all telecommunications needs in the home. That, of course, is a great thing for operators. But it also carries tremendous challenges.
One of those challenges is managing all those disparate consumer electronics devices efficiently and securely - and having granular enough control to do such things as perform upgrades and downgrades, put together special offers and otherwise leverage the technology platform to create revenue-generating business initiatives. Increasingly, operators rely on a Broadband Forum specification known as TR-069 as the control mechanism to do this.
The spec provisions, monitors and upgrades home networks. For instance, service providers can use TR-069 instead of disks for a subscriber’s initial provisioning. It also can initialize VoIP, provide WiFi with the proper SSID and myriad similar tasks, said Lincoln Lavoie, the vice-chair of the Broadband Forum’s Metallic Transmission Working Group.
These important tasks mean that TR-069 is a rich target for malevolent hackers (known as crackers). The dangers that lurk in TR-069 came to the forefront earlier this month when Shahar Tal, the Vulnerability Research Team leader for Check Point Software, were discussed in a paper and presentation at the Def Con 22 conference in Las Vegas.
Tal, in response to emailed questions, said that TR-069 is more commonly used by telcos, but that it is gaining popularity with cable operators. Lavoie echoed the ascendency of the specification among MSOs. He said that the industry has been seriously addressing the use of TR-069 for a couple of years and that its penetration is growing as equipment generations change and less functional protocols - mainly Dynamic Host Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP) and the Simple Network Management Protocol (SNMP) - are phased out. He estimates that it will take five years to ramp up to full deployment - or close to it.
The increasing utilization means that more aggressive security must be implemented. Tal wrote that common security precautions often are not used and, thus, millions of users potentially are at risk. He added that there is no known case of the vulnerabilities left open being used by crackers, but that it could explain “some previous attacks where no other attack vector has been discovered.”
The first step for operators is to understand precisely what TR-069 does, how it is structured and the best practices and strategies for keeping it safe. It seems simple enough: Lavoie, who also is the senior engineer for broadband technologies at the University of New Hampshire, said that TR-069 is a Web service that enables the consumer electronics equipment in the home communicates with an auto configuration server (ACS) to carry out these tasks.
Lavoie said that the attraction for the cable industry is that it extends control beyond the set-top box or gateway to the individual devices within the home. In this way, it works in parallel with IPv6, the new addressing scheme that expands the number of Internet addresses so dramatically that such granular control is possible.
Lavoie and Jason Walls, the co-chair of Broadband Forum’s Broadband Home Working Group and the director of technical marketing at QA Cafe, said that there is nothing inherently less secure about TR-069 than any other Web service. The point is that what the protocol does is so valuable and the potential problems associated with its compromise are so much greater than most other services that it deserves more attention. The Broadband Forum, Walls said, offers a certification program for vendors.
Incognito Software offered an article by President and CEO Stephane Bourque on the security dangers of TR-069. The beginning of the piece suggests that TR-069 is well put together from a security perspective: The devices in the field initiate contact, which limits vulnerabilities and the data that is exchanged is not proprietary. Sensitive data such as MAC and IP addresses are not sent.
However, nothing that touches the Internet is without risk. Bourque suggests that "man in the middle," DoS attacks and open “northbound” interfaces - failure to put components behind a firewall - are dangers that must be considered. The sense, however, is that careful planning and deployment can protect TR-069.
The bottom line is pretty simple: TR-069 is a powerful specification that can offer tremendous benefits to cable operators. The good news is that no cutting edge vulnerabilities are introduced by the specification and that securing TR-069 involves only smart deployments, discipline and attention to detail. The danger is that TR-69 connects to sensitive data and, therefore is vital to protect.