Adventures & Findings in ISP Hacking

Name: Adventures & Findings in ISP Hacking
Duration: 25 min
Description: A hobbyist offensive security engineer found that two Bay Area ISPs had left their control plane networks fully accessible to customers — one due to missing VLANs, the other through a chain of firmware vulnerabilities in an ADTRAN fiber modem. Basic vulnerabilities like trivially guessable passwords and command injection exposed ISP infrastructure to customers willing to poke around.

Ian Foster

BSidesSF 2025 — Here Be Dragons · Day 1 · Main

A hobbyist offensive security engineer found that two Bay Area ISPs had left their control plane networks fully accessible to customers — one due to missing VLANs, the other through a chain of firmware vulnerabilities in an ADTRAN fiber modem. Basic vulnerabilities like trivially guessable passwords and command injection exposed ISP infrastructure to customers willing to poke around.

AI review

Ian Foster went hobbyist ISP hunting, found no VLANs separating the control plane from customer traffic at ISP #1, and then found UART headers, a 15-hour flash dump, magic SysRq root bypass, and command injection in the ping field at ISP #2 — all in customer-premise equipment from a well-regarded Bay Area fiber provider. Old vulnerabilities, real networks, real disclosure story.

Watch on YouTube