New router-based solution protects home IoT devices

As we bring more and more smart devices into our homes, we potentially open ourselves up to a variety of new risks with devices opening back doors into networks or falling prey to botnets.

German antivirus company Avira is launching a new approach to home security which needs no new infrastructure on the domestic network and no configuration done by the user.

SafeThings sits within the home router and works with cloud-based machine learning. Avira licenses the product to router manufacturers and internet service providers, enabling them to protect networks from misuse and to deliver value-added IoT security services directly to end users.

"At Avira, we have been at the forefront of Artificial Intelligence innovation for a decade, being the first vendor within the security industry to identify how to apply AI to our field and to do it," says Travis Witteveen, CEO of Avira. "We have a wealth of experience in protecting both the privacy of end-users and the security of their traditional devices. Today we stand alone in the cyber security industry with the introduction of Avira SafeThings, an innovative router app and behavioral threat intelligence platform that secures all IoT devices in the home. We've designed SafeThings to effectively solve the IoT vulnerabilities without being too invasive, expensive, or complicated for the end user -- and we've done this in a way that provides additional benefits for the internet service providers and router manufacturers."

SafeThings is made up of a number of modules, Protection Cloud builds category and individual device profiles to create device management and rule definitions and automatically protect the device functionality. By analyzing metadata on gateway traffic, no invasive deep packet inspections are needed.

The Sentinel module is a software agent positioned at the gateway to each smart home, embedded in the firmware on the router, Sentinel fingerprints IoT devices and collects packet header metadata for AI analysis. After communicating with Protection Cloud, Sentinel enforces protection and communication rules.

A web-based user interface shows users in real time what each IoT device in their network is doing and enables them to see and modify firewall policies and device rules. There's also a Data Forefront API service that lets service providers and OEMs access and control SafeThings functionality, for example to drill down into specific details and control rules and actions to be taken in case of a compromised device.

It also allows for custom plugins to let SafeThings clients offer their end users additional security apps via a branded secure app store. These integrated services such as VPN or parental controls would operate at router level with management in the cloud.

"We see SafeThings as a 'B2B2C' product, providing consumers with the security and privacy protection they need while delivering it to them via the internet service providers and router manufacturers. As an embedded software solution, SafeThings is imminently flexible according to each client’s technical and marketing needs,” adds Witteveen.

You can find out more on the Avira website.

Image Credit: lucadp / depositphotos.com

via betanews

A Hacker's Tool Kit - Cybercrime is growing ever more pervasive—and costly.

Cybercrime is growing ever more pervasive—and costly. According to researcher Cybersecurity Ventures, the annual cost of cybercrime globally will rise from $3 trillion in 2015 to $6 trillion in 2021. Enabling this boom are thriving marketplaces online, where hackers sell tools and services to criminals. Virtually anything is available for the right price, points out Andrei Barysevich, director of advanced collection (“a fancy name for ‘spy,’ ” he says) at threat intelligence firm Recorded Future. A former consultant for the FBI’s cybercrime team in New York, Barysevich trawled the shadiest corners of the web to compile the cybercrime shopping list above, exclusively for Fortune. In the market for some basic malware? It’ll cost you as little as $1.

via fortune

How to Prepare Wi-Fi Networks for Smart Devices

Before you plug in and fire up those smart light bulbs, appliances or television you need to prepare your Wi-Fi network to ensure your speeds and security are not affected by the presence of this new equipment.

It is estimated by research firm IHS that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. Our washing machines, coffee pots, thermostats, lights, probably even the toilet and the kitchen sink will all be hooked up to our home Wi-Fi networks. While this will likely lead to more convenience when it comes to home management and maintenance it will also create bottlenecks on home networks slowing down your smart phone, tablet and laptops.

Before you plug in and fire up those smart light bulbs, appliances or television you need to prepare your Wi-Fi network to ensure your speeds and security are not affected by the presence of this new equipment. Most people plug in their Wi-Fi router and never worry about it again, unless they are calling their internet provider to complain about an outage or slow connection. It might not be your provider though, your type of router, where it is placed, the bandwidth of the router and the number of devices you have connecting to it at home could be to blame for your Wi-Fi headaches.

1. Location, location, location. Router location plays a major role in the range and efficiency of a Wi-Fi network. Placing a router in a cabinet or an out of the way room might make your home look less cluttered but this also blocks the signal with doors and walls, plus everything inside your walls, from reaching the areas of your home where you are trying to use your devices. Use a Wi-Fi analytics app to check your Wi-Fi signal strength at each of the locations that you plan to put smart home devices. Be sure that the signal strength is at least 60% at each of those locations. Also check the signal strength where you normally sit to use your laptop, tablet and phone.

2. Flex Wi-Fi muscle. If you have a smaller home and need more coverage look for a high-power router that has more internal and external antennas than your current router model. If you have a larger home, consider using range extenders or a whole home Wi-Fi system.

3. Read the label. When shopping for a new router some of the key terms to look for include AC1900 as a minimum speed and MU-MIMO Technology. While your connection speeds will ultimately be determined by the level of speed you pay for through your internet service provider if you do not have a router equipped to handle the fastest speeds available today you will always experience a slower connection. MU-MIMO is desirable in homes with multiple devices and internet users. Instead of creating a queue of connection requests that are handled in order like a traditional router would do, MU-MIMO routers serve data to more devices at once without limiting speeds. This is critical in homes with smart devices as the total count of devices can add up quickly.

4. Make it ironclad. We all know that hackers have a variety of ways to trick us into giving them access to our digital accounts and methods of stealing account information and passwords from companies we do business with; however, that doesn’t mean we should just give up and let them into our networks freely. You need to make sure your network is secure as possible. If you are deciding between two routers and one offers added layers of security with virus protection and malware detection, for example, pick the one that is focused on security. Also, be sure to set up complex, hard to crack passwords. Never leave your Wi-Fi open without a password. Even guest networks should require one for access. Also, any time you have an issue with your email being hacked or one of your online accounts is breached, change your Wi-Fi password along with all your other accounts, just to be safe.

To recap;

1. Position your router in an optimal location, as central as possible.
2. Test your Wi-Fi signal strength with a signal strength tool, be sure to check all locations where smart devices will live.
3. If weak spots are found, try a High-Power Router or a Range Extender. If you want a seamless network, try a Whole Home Wi-Fi System.
4. Use a router that supports at least AC1900 speeds and MU-MIMO technology.
5. Keep your network secure with hard-to-crack passwords and built-in protection from other web threats like Malware.

via HomeToys

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

Google’s July 2017 security fixes for Android are out.

As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.

RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.

Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.

In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.

The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.

Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.

There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.

We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.

(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.

According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.

In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…

…and end up with the same programmatic powers as the Android operating system on your device.

Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.

Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.

The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.

Until then, all we really have are teasers for his forthcoming talk, and a the funky-sounding name BroadPwn for the vulnerability.

(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)

Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”

What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.

Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.

Once again, if you are worried, ask your supplier or mobile carrier.

Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.

A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.

via nakedsecurity

Top 10 Ways to Boost Your Home Wi-Fi

Update your iPhone to avoid being hacked over Wi-Fi

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.

As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.

Any exploit that lets an external attacker tell the operating system kernel itself what to is a serious concern that ought to be patched as soon as possible – hesitation is not an option.

After all, it’s the kernel that’s responsible for managing security in the rest of the system.

Sophos Home

Free home computer security software for all the family

Learn More

Take this analogy with pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy in the Naval corps with a Lieutenant’s rank.

If you can grab local administrator access, that’s like boosting yourself straight to Captain or Commodore; but if you can own the kernel (this is not a pun), you’ve landed among the senior Admiral staff, right at the top of the command structure.

So make sure you don’t miss the latest we-didn’t-quite-get-this-one-out-last-time update to iOS 10.3.1:

iOS 10.3.1

Released April 3, 2017

Wi-Fi

Available for: iPhone 5 and later, 
               iPad 4th generation and later, 
               iPod touch 6th generation and later

Impact:        An attacker within range may be able to 
               execute arbitrary code on the Wi-Fi chip

Description:   A stack buffer overflow was addressed 
               through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero

This is rather different from the usual sort of attack – the main CPU, operating system and installed apps are left well alone.

Most network attacks rely on security holes at a much higher level, in software components such as databases, web servers, email clients, browsers and browser plugins.

So, attacking the Wi-Fi network card itself might seem like small beer.

After all, the attacks that won hundreds of thousands of dollars at the recent Pwn2Own competition went after the heart of the operating system itself, to give the intruders what you might call an “access all areas” pass.

Nevertheless, the CPU of an externally-facing device like a Wi-Fi card is a cunning place to mount an attack.

It’s a bit like being just outside the castle walls, on what most security-minded insiders would consider the wrong side of the moat and drawbridge.

But with a bit of cunning you may be able to position yourself where you can eavesdrop on every message coming in and out of the castle…

…all the while being ignored along with the many unimportant-looking peasants and hangers-on who’ll never have the privilege of entering the castle itself.

Better yet, once you’ve eavesdropped on what you wanted to hear, you’re already on the outside, so you don’t have to run the gauntlet of the guards to get back out to a place where you can pass your message on.

What to do?

As far as we know, this isn’t a zero-day because it was responsibly disclosed and patched before anyone else found out about it.

Cybercrooks have a vague idea of where to start looking now the bug that has been described, but there’s a huge gap between knowing that an exploitable bug exists and rediscovering it independently.

We applied the update as soon as Apple’s notification email arrived (the download was under 30MB), and we’re happy to assume that we’ve therefore beaten even the most enthusiatic crooks to the punch this time.

You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.

via nakedsecurity

5 Tools to Check if Someone is Using my Wireless Network (WiFi)

WiFi technology is everywhere these days and it seems almost every electronic device around has a wireless network connection of some sort. Laptops, tablets, smartphones, digital cameras, printers, gaming consoles, smart watches and many other devices can connect to each other or the internet through a WiFi connection. But a wireless network setup also presents its own set of problems when it comes to your own home network and the devices attached to it.

Naturally, setting up your own WiFi network with adequate protection like WPA2 and a strong password is vital, but that still doesn’t mean people you don’t know about aren’t using your network without your knowledge. It’s entirely possible friends, neighbors or family members have shared the WiFi credentials with others and people you don’t even know could have access to your network and your shared files. Even though many routers have additional security measures such as MAC address filtering, these might not be configured or someone has circumvented them.

A lot of modern routers will give you a list of the wired and wireless devices making a connection to the network, but some do not and some people wouldn’t actually know how to find that information. Another simple way is using a tool to get the list of connected devices, here’s 5 for you to try out.
Read More: https://www.raymond.cc/blog/how-do-i-know-if-someone-is-using-my-wireless-network-wifi/

1. Wireless Network Watcher

Wireless Network Watcher is by Nir Sofer and is another one of his many utilities that simply does what it says on the tin. The good thing is it requires no setting up of IP address ranges and starts scanning your main network adapter automatically for connected devices. If you wish to scan a different adapter or a custom IP address range, use the Advanced Options by pressing F9.

Scanning the IP range is fast and only takes a few seconds, after which you get information like IP, device name, MAC address, adapter manufacturer, detection count and activity state. While Wireless Network Watcher is open a background scan continuously looks through the IP range to detect new and disconnected devices, you can set a tray balloon and audio warning when devices are detected or disconnected. The background scan interval can be set in seconds through the Advanced Options windows (F9). A portable or installer version is available.

Download Wireless Network Watcher 

---

2. SoftPerfect WiFi Guard

WiFi Guard is like a cutdown and more basic version of the excellent SoftPerfect Network Scanner which is more suited just for detecting unknown or unauthorized network connections. This tool will scan your network for connected devices and rescan every xx minutes, popping up a message if an unknown connection has been found.

If you have more than one active network adapter the program will popup the settings window on launch to select the adapter you want to scan, otherwise you will be taken to the main window where pressing Scan Now will detect all devices connected to the network. For every red marked connection you know is authorized, double click on it and tick the “I know this computer or device” box, that will tell the program to ignore the device on rescans as it’s known. While running or minimized WiFi Guard will rescan between 0 and 60 minutes (default is 30 mins) and popup a message on screen if a new unknown device has been detected.

As mentioned above, there is Softperfect Network Scanner  which is one of the most comprehensive scanning and administration tools of its type. It can also be used for scanning and identifying wireless connections but it won’t scan every number of minutes and warn you on unknown connections. Both WiFi Guard and Network Scanner have portable and installer versions.

Download Softperfect WiFi Guard 

---

3. Advanced IP Scanner

This is an all round network administration tool that can do a number of tasks in addition to scanning your network for connections. There’s also remote options to Wake-on-LAN and shutdown, connect via HTTP/FTP as well as remote control with Remote Desktop and Radmin. Of course, those features are unnecessary for simply scanning your network for wireless connections.

By default Advanced IP Scanner will set the address ranges for all connections on the computer, only the range that the WiFi connections are likely to be on will need to be scanned, such as 192.168.0.1 – 192.168.0.254. If you only have one active connection, there’s no need to touch the IP range. After the scan, all connections will show along with the wireless device manufacturer, MAC address and its name. Advanced IP Scanner doesn’t have to be installed and the option to run it as portable can be selected when running the setup executable.

Download Advanced IP Scanner 

---

4. Angry IP Scanner

Angry IP Scanner is a multi platform tool that works on Mac and Linux as well because it’s Java based, this will obviously mean the Java Runtime Environment needs to be installed on your computer. The tool simply pings every IP address in the selected range for a response and then displays the result along with the information you ask for in the Fetchers window.

To select a range of addresses to scan, enter them yourself or click the IP button and select the correct network adapter. Then click the drop down to its right to choose the range, /26 will scan up to 63, /24 will scan up to 255 and etc. You can also choose our own IP list text file if you have a complicated setup. The scanning process is quite fast because the program scans using multiple threads. To see the result of all scanned addresses, go to Tools > Preferences > Display and choose “All scanned hosts”, this will reveal other possibly connected devices that are not responding to pings. Portable and installer versions are available.

Download Angry IP Scanner 

---

5. Who Is On My WiFi

This tool is a little different from the others because its main task is to identify the computers on your network and warn you when unknown or unidentified connections are made. Unfortunately one of its most useful functions of blocking unknown or suspicious connections is only available if you sign up for a paid subscription, plans start at a slightly steep $9.95 per month. The free version however, still lets you scan and find devices on your network.

The first thing required is to configure the address range to scan from the default by clicking the Settings button and entering the the range you need for your network, such as 192.168.0.1-254. If you are not sure go to the Diagnostic tab in Settings and click “Detect IP Ranges” to see what your network is currently using. Then run a scan and devices on the network will be identified. Select all known connections in turn and set their state to KNOWN from the drop down, then optionally give each a description.

If you keep Who Is On My WiFi running in the background it pops up a visual and audible message when an unknown network device is detected, by default it will scan every 5 minutes although you can change this time to between 2 and 10 minutes in the settings. Make sure to close Who Is On My WiFi from the tray icon if you don’t wish to use the monitoring feature.

Download Who Is On My WiFi 

Note: We did test a few other network scanning tools called LanSpy  and Lizardsystems Network Scanner  but they were quite inconsistent in detecting wireless networks. Sometimes they would show up, sometimes they would be missing even though the tools in our list had no such difficulty. If you want to use those tools to search for wireless connections, do so with caution.

via Raymond CC

Read More: https://www.raymond.cc/blog/how-do-i-know-if-someone-is-using-my-wireless-network-wifi/

All the Ways Your Wi-Fi Router Can Spy on You

City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses, and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables, and other connected paraphernalia.

When those devices connect to a router, they send requests for information—a weather forecast, the latest sports scores, a news article—and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they’re being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it’s connected to.

But it can also be used to monitor humans—and in surprisingly detailed ways.

As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact ways that a Wi-Fi signal is altered when a human moves through it, researchers can “see” what someone writes with their finger in the air, identify a particular person by the way that they walk, and even read a person’s lips with startling accuracy—in some cases even if a router isn’t in the same room as the person performing the actions.

Several recent experiments have focused on using Wi-Fi signals to identify people, either based on their body shape or the specific way they tend to move. Earlier this month, a group of computer-science researchers at Northwestern Polytechnical University in China posted a paper to an online archive of scientific research, detailing a system that can accurately identify humans as they walk through a door nine times out of ten.

The system must first be trained: It has to learn individuals’ body shapes so that it can identify them later. After memorizing body shapes, the system, which the researchers named FreeSense, watches for people walking across its line of sight. If it’s told that the next passerby will be one of two people, the system can correctly identify which it is 95 percent of the time. If it’s choosing between six people, it identifies the right one 89 percent of the time.

The researchers proposed using their technology in a smart-home setting: If the router senses one person’s entry into a room, it could communicate with other connected devices—lights, appliances, window shades—to customize the room to that person’s preferences.

FreeSense mirrored another Wi-Fi-based identification system that a group of researchers from Australia and the UK presented at a conference earlier this year. Their system, Wi-Fi ID, focused on gait as a way to identify people from among a small group. It achieved 93 percent accuracy when choosing among two people, and 77 percent when choosing from among six. Eventually, the researchers wrote, the system could become accurate enough that it could sound an alarm if an unrecognized intruder entered.

Something in the way? No problem. A pair of MIT researchers wrote in 2013 that they could use a router to detect the number of humans in a room and identify some basic arm gestures, even through a wall. They could tell how many people were in a room from behind a solid wooden door, a 6-inch hollow wall supported by steel beams, or an 8-inch concrete wall—and detect messages drawn in the air from a distance of five meters (but still in another room) with 100 percent accuracy.

(Using more precise sensors, the same MIT researchers went on to develop systems that can distinguish between different people standing behind walls, and remotely  monitor breathing and heart rates with 99 percent accuracy. President Obama got a glimpse of the latter technology during last year’s White House Demo Day in the form of Emerald, a device geared towards elderly people that can detect physical activity and falls throughout an entire home. The device even tries to predict falls before they happen by monitoring a person’s movement patterns.)

Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision.

A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy—all using nothing but a commercially available router and some custom code created by the researchers.

And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time.

Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space—recording and preserving everything that happens in detail—a router-based system could detect movements or actions without intruding too much, they said.

I asked the lead researcher behind WiKey, Kamran Ali, whether his technology could be used to secretly steal sensitive data. Ali said the system only works in controlled environments, and with rigorous training. “So, it is not a big privacy concern for now, no worries there,” wrote Ali, a Ph.D. student at Michigan State University, in an email.

But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package—or trick a user into connecting to a malicious router—he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing.

Since all of these ideas piggyback on one of the most ubiquitous wireless signals, they’re ripe for wide distribution once they’re refined, without the need for any new or expensive equipment. Routers could soon keep kids and older adults safe, log daily activities, or make a smart home run more smoothly—but, if invaded by a malicious hacker, they could also be turned into incredibly sophisticated hubs for monitoring and surveillance.

via Atlantic