With Nest WiFi, internet routers will double as Google Assistant smart speakers

With the promise of speedy internet for every room, Google's new mesh Wi-Fi system wants to give Google Assistant a bigger footprint in our homes.

Available in your choice of three colors, Nest Wifi Points extend the range of Nest Wifi setups -- and they double as Google Assistant smart speakers, too.

Juan Garzon/CNET

Google on Tuesday announced the launch of the Nest Wifi, a refreshed version of the company's popular mesh router system, Google Wifi. Available for pre-order today and set to arrive November 4, the system is comprised of a Nest Wifi Router that plugs into your modem and separate Nest Wifi Points that wirelessly extend the reach of its signal -- and which themselves double as Google Assistant smart speakers.

A two-piece setup with the Nest Wifi Router and one Nest Wifi Point will cost $269. A three-piece setup with the Nest Wifi Router and two Nest Wifi Points will cost $349, and promises to cover homes of up to 3,800 square feet. That's enough coverage for 85% of homes in the US, Google says.

Mesh, meet Google Assistant

Beyond spreading a speedy internet signal throughout your home, the Nest Wifi promises to spread the voice-activated intelligence of Google Assistant around your house, too. That's because each of those Nest Points now doubles as a fully functional Google Assistant smart speaker, complete with always-listening microphones and touch controls on the top of the device.

The goal, Google says, is to get users to keep these things out in the open as opposed to hiding them out of sight, where they won't relay their signals as well. To that end, the new Nest Wifi Points also come in your choice of three colors (snow, sand or mist), and you can buy one on its own for $149. The Nest Router only comes in white, and costs $169 on its own.

Enlarge Image

You'll see an ambient glow from the light ring around the base of the Nest Point whenever it's sending audio to Google's cloud to come up with a response. When the mics are muted, the ring will glow orange.

James Martin/CNET

"We realized that performance for the Wifi Point would double if it was off the floor, not hidden in a closet," said Ben Brown, Google product lead for the Nest Wifi. "Having a great design, having something you actually want to interact with, and having the Assistant on the device makes it actually so it's a much better Wi-Fi system."

You can use a Nest Wifi Point just like you'd use one of Google's other smart speakers, like the Nest Mini, which also made its debut today. You get its attention by saying "OK Google," and then you give it a question or a command, including new Wi-Fi-specific commands like asking for a speed test or to pause Wi-Fi to specific devices or groups of devices. A ring of white light around the base of the device will glow whenever it hears you, and to let you know that it's connecting with Google's cloud to come up with a response. If you want to turn the mics off, just flip the mute switch in the back.

We haven't had a whole lot of time to give it a close listen for ourselves, but Google says that the sound quality in each Nest Point is stronger than you might expect. That's because the need for extra space inside the device for the antennas and for heat dispersion means that there's also plenty of room to push sound around via the downward firing speaker, Brown says.

As for the touch controls on the top face of each marshmallowy device, you can tap the center to pause or resume playback, or tap the sides to turn the volume up and down. Like with the new Nest Mini, a set of indicator lights will glow when your hand draws near to show you where to aim for those volume controls.

Now playing: Nest Wifi puts Google Assistant into your router

 3:25

Faster than before -- but where's Wi-Fi 6?

That new Nest Router is an AC2200 model, which means that it supports current-gen Wi-Fi 5 connections with a maximum combined speed of about 2,200 Mbps across all bands -- up from about 1,200 Mbps last time around. Your actual speed will be a lot lower, since you can only connect to one band at a time, but like Google Wifi before, Nest Wifi will automatically "steer" you from band to band as you move about your house in order to keep your connection as swift and steady as possible.

Another upgrade: Nest Wifi now boasts four antennas for up to four simultaneous wireless connections (4x4). If you're using a client device like a MacBook Pro that can take advantage of those multiple antennas, then you'll be able to combine the speed of those simultaneous streams for a faster Wi-Fi experience.

Enlarge Image

You can spread Nest Wifi Points around your home to triangulate a better internet connection in every room. The previous version of the system is our top-rated mesh setup.

James Martin/CNET

All of the new hardware is also backwards compatible with first-gen Google Wifi setups, so you'll be able to add the new Nest Point extenders with their built-in speakers to your system if you've already bought in. And, if you decide to upgrade to the new Nest Router, your old Google WiFi access points will be able to connect to it and extend its signal, too.

As for the lack of support for next-gen Wi-Fi 6 features, Google suggests that it's still too early for the emerging standard in people's homes.

"It's really only 2022 by which point you're going to have a critical mass of [Wi-Fi 6] devices in the home, at which point Wi-Fi 6 will make sense in the home," said Sanjay Noronha, product lead for Nest Wifi. "And so, our philosophy is how do we make these products useful today?"

Google likely wants to keep its routers affordable, too. For reference, the Wi-Fi 6-ready version of Netgear Orbi, due out later this month, is slated to cost $700 for a two-pack with the router and a single satellite extender. Prices like that are out of reach for too many potential users, Noronha said.

Meanwhile, the newest Wi-Fi 5 version of Netgear Orbi costs $149 for a two-pack, and it supports built-in smart speaker functionality if you add in the $300 Orbi Voice extender with Alexa. Another competitor worth keeping an eye on: Amazon-owned Eero, which just released a new version of its Wi-Fi 5 mesh system as a $249 three-pack. That price is half the cost of the original, and an excellent indication that competition is heating up in the mesh category.

"We recognize that there's going to continue to be an evolution of technology, and we will continue to work on those evolutions," Brown said, "but we also want to make sure that we're delivering the best possible experience for everyone. And I think that we are very confident that this is what [Nest Wifi] represents today. And for the next, you know, five years, honestly."

Why do you need a VPN? (Don’t miss these 3 key security benefits.)

A virtual private network (VPN) encrypts all the data sent and received by a device connected to the internet. It does this by routing that data through the VPN’s private server. The core value of using a VPN is to prevent cybercriminals or internet service providers (ISPs) from snooping on or exploiting your unsecured internet activity.

A VPN protects you from this in three key ways, by allowing you to:

1. Encrypt unencrypted communications sent to and from your device
2. Disguise your browsing history
3. Connect anytime, anywhere, from any device

Dashlane’s VPN is available to all paying customers as part of our suite of digital identity protection and control features.

1. Encrypt unencrypted communications sent to and from your device

Public WiFi is very convenient for people who like to connect on the go. If you’ve ever connected to WiFi at an airport, hotel, or coffee shop, you’ve used public WiFi. But make no mistake—there is a security/convenience trade-off every time you connect to a public WiFi network.

Public WiFi networks are unsecured, which means that any unencrypted site or service you use on public WiFi could be compromised by man-in-the-middle (MitM) attacks. An MitM attack happens when a cybercriminal sits on an unsecured network and intercepts and/or modifies your unencrypted internet activity. This includes the ability to see unencrypted HTTP websites you visit and the information you submit on those websites, like your passwords. It also means a cybercriminal can modify a page or URL to trick you into submitting credentials for a normally secured site, like Gmail—otherwise known as phishing.

HTTP websites aren’t the only thing you may use online visible to a cybercriminal in a MitM attack. A number of voice over IP (VoIP) services are unsecured and unencrypted as well. VoIP is the technology that allows you to make audio calls over the internet instead of through your cellular provider’s network.

Any unencrypted internet activity can easily be intercepted and/or modified by cybercriminals via MitM attacks. A VPN encrypts all your unencrypted internet activity, from web surfing to VoIP calls and everything in between, blocking potential phishing opportunities available in a MitM scenario.

But aren’t most sites protected with HTTPS protocol?

While most popular sites use encrypted HTTPS protocol (instead of the unencrypted HTTP protocol), many of those popular websites don’t automatically redirect unsecure requests to the secure HTTPS protocol. That puts you at risk. This is also true with your email account settings. There are unsafe protocols used to receive, access, and send email, like POP3, IMAP, and SMTP. Using a VPN ensures that your browsing is always routed with encryption, and your email account settings use secure encryption protocols, like POP3S, IMAPS, and SMTPS. (The ‘S’ in all these acronyms stands for “secure”!)

2. Disguise your browsing history

What you do on the internet is private, right? Well, not really.

As it currently stands, internet service providers (ISPs) like Verizon or AT&T can have complete visibility into all of your browsing history.

They can do that because they attach your internet activity to your device’s IP address, which is a unique identifier for each device connected to the internet. This information includes your exact geographical location. They can collect personal data and may even use it to serve you ads.

A VPN disguises your device’s IP address, because all your traffic is routed through the IP address of the VPN’s server. So, your ISP can no longer see what websites you’re visiting or searches you’re making, since the traffic routed through the VPN is now encrypted.

3. Connect anytime, anywhere, from any device

A VPN is an incredibly useful tool for securing your online activity and protecting your privacy. But it would be useless if it only worked on certain devices or in specific geographic locations.

Dashlane’s VPN works instantly across all your devices, in any location around the globe, so you can stay connected and protected, no matter the situation.

via dashlane

Wi-Jacking: Accessing your neighbour’s WiFi without cracking

UPDATE (5th September 2018). Since we published our original report, Google has now resolved the underlying vulnerability. The latest update of Chrome (tested against version 69.0.3497.81) addresses the issue we highlighted in this blog, where credentials are auto-filled on unencrypted HTTP pages. This makes the attack require significantly more user interaction, in the same way that Firefox, Edge Internet Explorer and Safari do.  This makes the exploit much closer to a phishing attack and much less likely to succeed.

It is important to note that the latest version of Opera is still vulnerable as of 2018-09-05, but will hopefully also be quickly patched. This is a positive response from Google and is great to see following our original report to them in March 2018.

As per our originally-proposed solution, it would also be great to see Microsoft adjust captive portals in Windows to behave in a similar way to those in MacOS (separate browser) and for router manufacturers to enforce HTTPS management by defaults on their devices. These changes would further limit this vector of attack.

Original Article:

During a recent engagement we found an interesting interaction of browser behaviour and an accepted weakness in almost every home router that could be used to gain access a huge amount of WiFi networks.

The browser behaviour relates to saved credentials. When credentials are saved within a browser, they are tied to a URL and automatically inserted into the same fields when they are seen again. The accepted home router weakness is simply the use of unencrypted HTTP connections to the management interfaces.

By combining these two components it was possible to gain access to various networks without cracking a single handshake, which is the currently most-used method of gaining access to a WPA/WPA2 network but requires a weak passphrase. The attack should work on most networks, but there are a few pre-requisites that need to be met for the attack to succeed:

• There MUST be an active client device on the target network
• Client device MUST have previously connected to any other open network and allowed automatic reconnection
• Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera
• Client device SHOULD** have the router admin interface credentials remembered by the browser
• Target network’s router admin interface MUST be configured over unencrypted HTTP

Without those five pre-requisites, the attack is not possible. However, those are all somewhat likely occurrences given that most browsers prompt users to save credentials automatically. The main pre-requisites that lower the likelihood are Chromium usage and saved router credentials, but this will still affect a huge number of people.

*Firefox, IE/Edge and Safari require significant user interaction, so attack does work, but is more of a social engineering based. With Chrome it is significantly more seamless.
**If the router’s admin interface credentials are not saved, it is still possible to attempt to guess default values

It is also important to note that the attack has been demonstrated against home routers by extracting the WiFi key directly from the web interface. However, other devices can be targeted if they have a semi-predictable URL that is exposed over unencrypted HTTP. Many IoT devices fit into this category but none were specifically tested here.

Before getting to the meat of the attack, we are assuming that you are already familiar with the Karma/Jassager attack. Karma is used in part of the workflow and if you are not familiar with it, consider reading the following article:

https://wiki.wifipineapple.com/legacy/#!karma.md

Now for the actual walkthrough

Step 1. Bring the client device onto a network we control:

The first step is to start sending deauthentication requests with aireplay-ng and with the Karma attack using ‘hostapd-wpe’, both with an Alfa AWUS036NHA.

Step 2. Trigger the browser to load our URL:

We did this with ‘dnsmasq’ and a Python script. When we see a HTTP request, we create a response redirecting to our URL and serve our own page.

The URL and served page are different depending on the router we’re targeting. We can detect which URL/Page pair to send based on BSSID and ESSID or just take a guess, the range of options is limited anyway.

There are some extra options for redirection too. By default, we allow HTTPS through untouched and wait for an HTTP request. But if this is taking too long, triggering captive portal detection on Windows will automatically launch the default browser at a URL we specify. However, there are limitations to triggering a captive portal, primarily against MacOS, which launches a separate browser specific to dealing with captive portals, preventing us from accessing stored credentials.

Step 3. Steal the autocomplete credentials:

This is where things get interesting. When our page loads, the browser makes two initial checks.

1. Does our URL origin match the router’s admin interface origin (protocol & IP address/hostname)
2. Do the input fields on the page match what the browser remembers of the router’s interface

If these two checks pass, then the browser automatically populates our page with the saved credentials. In this case, the router’s admin details. Naturally these input fields are completely hidden from the target.

If the target is using Chrome, there is one more step: The Chromium feature “PasswordValueGatekeeper” requires a user to interact with the page in some way. A click anywhere on the page is fine, and after the click we can harvest the credentials.

If the target is using Firefox, Internet Explorer, Safari or Edge, then we can’t have the input fields hidden. The attack would still work, but only if the target clicks on our form field and select their credentials from the drop-down instead. At this point the attack is mostly social engineering.

But let’s not stop here, these credentials are almost useless right now. There’s even a good chance we might have guessed them before we even started the attack (for example, admin:password) but we can’t use them from our current position on the outside of the network.

Step 4. Send the target to their home WiFi

Once we have the credentials, we want the target to keep our page open just a little longer. At this point we stop our Karma attack, releasing the target back to their own network.

Once the target device is successfully connected back to their original network, our page is sitting on the router admin interface’s origin with the admin credentials loaded into JavaScript. We then login using an XMLHttpRequest and grab the PSK or make whatever changes we need. In most WiFi routers that we tested, we could extract the WPA2 PSK directly from the web interface in plaintext, negating the entire need to capture a handshake to the network. But if a router hides the key, we could enable WPS with a known key, create a new access point or anything else we can do from within the router’s interface.

We wouldn’t even need to know the HTML structure of the router’s interface. We could just grab the entire page DOM, send it home and extract anything useful by hand. Using BeEF Project it would also be possible to proxy through to the page, granting the attacker access to the router interface as if they were logged in directly.

Solution

Fundamentally this is just a flaw in the way origins are shared and trusted between networks. In the case of home routers, they are predictable enough to be a viable target.

The easiest solution would be for browsers to avoid automatically populating input fields on unsecured HTTP pages. It is understandable that this would lower usability, but it would greatly increase the barrier to credential theft.

The most complete solution would be to implement HTTPS with trusted keys and certificates on these devices. But this requires support for custom HTTPS certificates as well as your own certificate management infrastructure, in an enterprise this is commonplace but for home users this is extremely unlikely. Vendors might consider implementing HTTPS on their devices by default, but those keys could simply be stolen by anyone with one of the devices by reverse-engineering the firmware.

Microsoft could also make the process more difficult to exploit by using a separate captive portal browser instead of simply launching the default browser similar to how MacOS behaves.

Disclosure Timeline

Chromium:

• SureCloud: Disclosed March 2nd
• Chromium: Response Received March 2nd (“working as designed”)

Microsoft

• SureCloud: Disclosed March 27th
• SureCloud: Chase Sent April 13th
• [Microsoft’s messages were all being flagged as spam]
• Microsoft: Response Received May 25th (Clarification requested)
• SureCloud: Clarification Sent June 4th
• Microsoft: Case opened June 5th
• Microsoft: Requested disclosure details June 6th
• SureCloud: Clarification sent June 6th
• Microsoft: Flagged for consideration, but no immediate action June 21st

Asus

• SureCloud: Disclosed March 21st
• Asus: Responded March 22nd (Discussing with engineers)
• SureCloud: Discussing solutions April 4th
• SureCloud: Sent notice to publish May 25th
• Asus: Discussing solutions June 11th
• SureCloud: Discussing solutions and notice to publish July 11th

Following the discussions with ASUS, it’s became clear we’d exhausted all options for ethical disclosure with this Proof of Concept.

References

While this was only discovered after disclosing to Chromium, someone named Chris had beaten us to the underlying idea. We have however taken it much further and demonstrated a real-world attack.

Original report: https://bugs.chromium.org/p/chromium/issues/detail?id=777272

Our submission (merged into original): https://bugs.chromium.org/p/chromium/issues/detail?id=818156

Tools

All the tools used to perform the attack are standard components of Kali except for router specific payloads themselves and the selection script.

A copy of the scripts we’ve used can be found here:

https://gitlab.com/eth01/Wi-Jacking-PoC

These are Proof of Concept only and the community will no doubt take this attack much further. The long-term goal is to build a module for the WiFi Pineapple to automate the attack, with this is expected in the coming months.

Video

Mitigations

As highlighted we are exploiting ‘by design’ features, which will hopefully change with public release of this article. However, in the meantime there are a few key steps that can be taken to help protect yourself:

• Only login to your router using a separate browser or incognito session
• Clear your browser’s saved passwords and don’t save credentials for unsecure HTTP pages
• Delete saved open networks and don’t allow automatic reconnection
• As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate/private browser for the configuration and choose a strong key.

via surecloud

New Gigacheck Wireless Analyzer Offers Smartphone App Connectivity to Test WiFi and Ethernet Connection Speeds

Press Release Summary:

Greenlee Textron Inc. announces GigaCheck in AirScout® line of wireless analyzers for testing Wi-Fi coverage and wired Ethernet connection. It measures signal to noise ratio, PHY rate and transmit/receive success rates on wireless networks using the industry standard Ookla® Speedtest®. The analyzer provides technicians with tools to validate connection speed on wireless and Ethernet networks and verify whether the customers receive the connection speeds they pay for and expect.

---

Original Press Release:

Greenlee Communications Launches AirScout GigaCheck

Easily Verify Network Connection Speeds with Greenlee® Communications AirScout® WiFi® Test System

AirScout® GigaCheck Tests WiFi and Ethernet Connection Speeds up to a full Gigabit

Vista, Calif., (June 19, 2018) — Greenlee Textron Inc., a Textron Inc. (NYSE: TXT) company, announces the addition of GigaCheck to its award-winning AirScout® line of wireless analyzers. Controlled via Smartphone app, GigaCheck tests Wi-Fi coverage as seen from the residential gateway and tests wired Ethernet connection upload and download speeds up to 1Gb in real-time.

“Today’s customer demands dependable, high-speed services and expects their service provider will deliver the speed they pay for. AirScout GigaCheck gives technicians the tools needed to quickly and easily validate connection speeds on both wireless and ethernet networks,” explains Oleg Fishel, Director of PLM for Greenlee Communications.

AirScout GigaCheck measures Signal to Noise Ratio, PHY Rate and transmit/receive success rates on wireless networks using the industry standard Ookla® Speedtest®. Upload/download and Ping tests are performed on both Ethernet and WiFi for real-time speed testing.

The AirScout unit connects to the wireless router in one-click and is controlled via a smartphone app. The simple connection and intuitive user interface of the app make it easy for technicians to verify customers are receiving the connection speeds they pay for and expect. Technicians define pass/fail thresholds based upon their SLA and can generate reports and save them in the Cloud for easy transference and transparency of test results.

BTR, Broadband Technology Report, awarded AirScout Enterprise the 2017 Diamond Technology Winner in Wi-Fi Solutions. For more information on the complete AirScout line, visit www.getairscout.com.

Greenlee, under its Greenlee Communications brand, develops Ethernet, Transport, C37.94, Fiber, DSL, Wi-Fi and Copper test solutions, tracing and locating equipment, and fiber/cable jet installation equipment. A broad product portfolio, coupled with solutions-branded Greenlee Utility®, HD Electric Company® and Sherman + Reilly®, creates a single source partner providing unmatched value to the communications and utility markets.

Greenlee Communications

The Greenlee Communications brand offers a complete line of innovative and industryleading test and measurement solutions for the communication service provider industry. Our expertise and innovative solutions address all stages of network deployment enabling the development, installation and maintenance of xDSL, fiber, cable and wireless networks. It is a leading brand of test and measurement solutions in the global communications industry with a long track record of delivering high quality innovative solutions enabling technicians to achieve their goals in a timely manner and with confidence.

Greenlee Textron Inc.

Greenlee Textron Inc. is known as a global leader in the professional tool category. The Rockford, Illinois-based company develops high quality innovative products distinguished by customer-driven design and differentiated by supply chain excellence. It also leverages its powerful brands such as Greenlee Communications and Greenlee Utility in the electrical, construction and maintenance markets worldwide. More information is available at www.greenlee.com.

About Textron Inc.

Textron Inc. is a multi-industry company that leverages its global network of aircraft, defense, industrial and finance businesses to provide customers with innovative solutions and services. Textron is known around the world for its powerful brands such as Bell, Cessna, Beechcraft, Hawker, Jacobsen, Kautex, Lycoming, E-Z-GO, Greenlee, Textron Off Road, Arctic Cat, Textron Systems, and TRU Simulation + Training. For more information, visit: www.textron.com.

Certain statements in this press release may describe strategies, goals, outlook or other non-historical matters; these forward-looking statements speak only as of the date on which they are made, and we undertake no obligation to update them. These statements are subject to known and unknown risks, uncertainties, and other factors that may cause our actual results to differ materially from those expressed or implied by such forward-looking statements.

IoT Security, Parental Controls, VPN & Dynamic DNS For Homes.

ENTERPRISE GRADE FIREWALL ROUTER FOR SAFER & SMARTER HOMES

Cybersecurity, Parental Controls & VPN Services For Your Home via Roqos Core routers.

https://www.roqos.com/

Roqos VPN provides you a secure Internet experience by encrypting all your connections and routing them to your home router. You can browse safely from public Wi-Fi, access your connected devices in your home remotely, and enjoy streaming services while away from home.

Roqos Home app helps you setup and manage your Roqos Core Wi-Fi VPN router.
Roqos subscription service comes with Roqos Core to help you take control of your home network and Internet access.

ENTERPRISE GRADE CYBERSECURITY
A trusted cybersecurity technology that inspects the traffic on your network and automatically blocks threats traditional software or hardware solutions may not detect.

CONTENT FILTERS
Control what your kids can access online by selecting from preset filter categories or creating your own custom filter lists.

SCHEDULES
Set schedules to pause the Internet for your kids’ devices on certain days and times.

PAUSE INTERNET
Instantly pause internet for family members with a single tap.

GUEST WiFi
Share your internet securely with your guests. Text or email them a temporary access code valid for number of days.

MANAGE CONNECTED DEVICES
See a list of all devices connected to your network and control their access.

VPN-IN
Securely connect to your home network from public networks anywhere in the world and access devices at home.

KIDS VPN
Enforce all parental control filters and schedules on your kids’ devices even when they are away from home.

VPN-OUT
Prevent your Internet Service Provider from collecting data on your usage by encrypting Internet traffic between Roqos Core and Roqos VPN servers.

COUNTRY BLOCK
Restrict internet traffic from select countries to protect yourself from threats originating from those countries.

ALERTS
Be in the know about what’s happening on your network via notifications sent to your phone and inbox.