Deutsche Telekom will redouble its network and data security in the light of this week’s failed hack on its routers, which saw around 900,000 customers disconnected from telephone, broadband and television services.

Speaking yesterday at the European Communications/Mobile Europe IoT Conference 2016, Falk von Bornstaedt, Head of Group Peering and IP Trading at Deutsche Telekom, said: “It is wake-up call. It will mean a lot of investment in even more security.

“It will help us be even more secure in the future, and the management will invest a lot of energy into being more secure.”

von Bornstaedt restated that Deutsche Telekom was not the sole target for the attack, which sought to infiltrate customers’ routers via the TR-069 protocol with ‘Mirai’ malware, seize their control, and launch a wider attack on the internet.

“It wasn’t just Deutsche Telekom. It was a worldwide attack. And I wonder why Deutsche Telekom was in the press, and many other people are not. But somehow the focus has been on us,” he said.

At the event, Pen Test Partners, a group that tests security vulnerabilities in latest devices, said the Mirai botnet was limited but warned it was the “tip of the iceberg” for the telecoms and wider IoT community.

Tony Gee, Consultant at Pen Test Partners, explained: “Mirai is actually a rubbish attack tool. It uses SSH and Telnet. Hardly any of these devices connect to the internet using SSH and Telnet.

“Most connect to the internet and provide a web interface with 480 or 443. So if that was tailored to target those ports, you’d reach a whole lot of other devices. This is the tip of the iceberg.”

Gee also made the point that the “attack surface” for hackers will be multiplied with the rise of the IoT, predicted to cover 6.4 billion connected devices by the end of 2016, according to Gartner.

“If that many devices are all going to be internet connected, then they have the ability to be attacked,” he said.

Gee suggested internet routers were more advanced, generally, than IoT devices.

He said: “Because there have been a lot of attacks against routers, developers have started to put better security in place, whereas the IoT hasn’t gone thought that problem yet.”

Deutsche Telekom said today that vulnerabilities in remote maintenance functions for internet routers that use the TR-069 protocol were published several years ago, and involved the security of the ACS network side component, which it has looked to address.

It said the attack on its routers at the weekend, instead, involved the endpoint for the connection request to the router, reached via the 7547/tcp port.

“The current attacks did not involve the ACS. The attack method that was used is new and was unknown to date,” it said in a statement. 

It said it had traced the 7547/tcp vulnerability to a report from last month.

“The vulnerability not only allows access to the device's data model, but also the injection of coding that then runs on the affected router.

“We suspect that the current extensive attacks on internet routers, which also affect Deutsche Telekom customers, were launched over port 7547/tcp based on this publication,” it said.

“According to our analysis, the objective of the attack is to install malware on the routers to add them to a botnet – meaning they could be used as the remote-controlled infrastructure for future attacks.

“The current attack was not designed to target Deutsche Telekom's Speedport routers, which means it does not exploit any vulnerability in Deutsche Telekom's Speedport routers.

“However, that the extensive attacks resulted in malfunctions on individual Speedport models, which deactivated key router functions such as the DNS proxy.

“For our customers, this means their internet access and IP telephony, for example, are disrupted.”

Deutsche Telekom maintains its IP network remains unaffected.

It has advised customers to disconnect and reboot their routers if they suspect an attack.

An automatic software update is already in place, it said, and is being delivered to affected devices.

Separately, the company said it had appointed Johannes Pruchnow as Representative of the Deutsche Telekom Board of Management for Broadband Cooperation in Germany.

The operator said the appointment highlighted the importance of “rapid, comprehensive fibre-optic broadband build-out” in Germany.

Pruchnow will look to strengthen Deutsche Telekom’s cooperation with competitors.

More News

Iliad enters content game in France, finally launches Italian mobile business Iliad enters content game in France, finally launches Italian mobile business Iliad has acquired football rights in France and launched its opco in Italy as it looks to reboot after a disappointing set of financial results. More detail
Three UK appoints new CCO, CFO Three UK appoints new CCO, CFO The departure of Three UK's Chief Commercial Officer after just 18 months in the job has triggered a shake-up of the mobile operator's top team. More detail
TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk to sell enterprise customer base to Daisy as it registers full-year loss TalkTalk has agreed to sell 80,000 business customers to rival Daisy Group in a £175 million deal. More detail
A1 Telekom Austria Group rebrand reaches Bulgaria A1 Telekom Austria Group rebrand reaches Bulgaria Bulgaria is the third A1 Telekom Austria Group opco to get rebranded as the telco looks to market itself as a provider of "advanced" IT, IoT, cloud and content services. More detail
Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services puts IoT to use on saving ships’ fuel costs Orange Business Services has expanded its work with Dobroflot by developing a customised IoT solution for the Russian fishing company. More detail


European Communications is now
Mobile Europe and European Communications


From June 2018, European Communications magazine 
has merged with its sister title Mobile Europe, into 
Mobile Europe and European Communications.

No more new content is being published on this site - 

for the latest news and features, please go to: