Potential Security Vulnerability of TR-069-Managed Routers

Friendly Technologies and Check Point Software Technologies ran a joint assessment of Friendly Technologies' Automatic Configuration Server (ACS) software, in order to evaluate and validate that the product, deployed by the company's global Tier-1 customers, is secure.

Check Point is a worldwide leader in Internet security. Through a recent study of TR-069 ACS implementations, Check Point's Malware and Vulnerability Research Group uncovered several flaws in solutions from ACS vendors, since some xSPs do not implement TR-069 ACS software in a secure manner.

"By gaining access to such [ACS] servers, hackers or intelligence agencies could potentially compromise millions of routers and implicitly the home networks they serve," said Shahar Tal, vulnerability research team leader at Check Point Software Technologies, during the recent DEF CON® 22 in Las Vegas, NV.

Through their joint review of ACS software, both Friendly Technologies and Check Point were able to evaluate the latest version of the Friendly's TR-069 Device Management solution, focusing on security issues. Although no major security flaws were found, Friendly Technologies introduced additional features to improve its products' security level, in accordance with Check Point's recommendations.

"Friendly Technologies congratulates Check Point on its important mission ─ raising global awareness to the potential vulnerability of ACS software that is not secured and is open to hackers," said Nir Ezer, VP of Sales & Marketing at Friendly Technologies.

About Check Point Software Technologies

Check Point Software Technologies (http://www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

About Friendly Technologies:

Friendly Technologies simplifies the deployment, management and monitoring of Data, Voice, Video & Smart Home services. Our innovative carrier-class products are built on industry TR-069 and OMA-DM standards supporting various device types, such as xDSL Routers, Home Gateway, RG/iAd, IPTV STBs (including OTT), ATA, VoIP Phone, WiFi, femtocells, dongles, smartphones, Mobile Hotspots, storage devices and more.

Friendly's product portfolio includes:

  • Friendly IoT Product Line - Management Platform and Embedded Clients (LwM2M, OMA-DM, TR-069)
  • Friendly Smart Home Management Platform
  • Friendly TR-069 Device Management for Data, VoIP and IPTV services