Newfound Router Flaw Lets Hackers Control Home Internet Connections

Newfound Router Flaw Lets Hackers Control Home Internet Connections: F-SecureNewfound Router Flaw Lets Hackers Control Home Internet Connections: F-Secure
F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim’s browsing sessions by redirecting to malicious sites.

 

“By changing the firmware, the attacker can change any and all rules of the router,” said Janne Kauhanen, cyber security expert at F-Secure.

“Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too. Of course, HTTPS traffic is encrypted, so the attacker won’t see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine,” he added.
The router type in question typically receives firmware updates from a server associated with the user’s internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place.

An attacker who has already gained access to the traffic between the home router and the ISP’s update server (for example, by accessing an apartment building’s network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

 

“It’s ridiculous how insecure the devices we’re sold are,” says Kauhanen.

“We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers – by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware,” he added.

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others.

According to Harry Sintonen, the F-Secure senior security consultant who found the vulnerability, there is no way for a consumer to prevent their router getting exploited, short of replacing it with a new router without this particular vulnerability, or by installing the firmware that fixes the issue once it is available.

However, he points out that replacing the router is problematic advice. “As vulnerabilities in consumer DSL equipment are extremely common, it could well be that the device switch only leads to an even worse security situation,” he says.

 

By following the usual security best practices, however, consumers can mitigate damages should their router become a victim of attack.

Keep browsers and other software updated to prevent hackers exploiting security flaws in old software.

Use reliable internet security software such as F-Secure SAFE that stays constantly updated, to prevent a hacker from dropping malware.

Use a VPN such as F-Secure Freedome to encrypt internet traffic even if the router was hacked, encryption would prevent an attacker from spying.

Internet Blocker Offers A Easy Way To Take A Break From Connectivity

Internet Blocker

If you tend to surf the web a little too much from your mobile devices, computers and tablets you might be interested in a new Internet blocker application that has been created by a developer based in France. That allows you to easily take a break from being continually connected.

The Internet blocker is currently available via the Kickstarter crowdfunding website and is looking to raise $30,000 over the next 14 days to make the jump into production. So if you feel you or your family could do with a little downtime away from connectivity it might be worth a little more investigation.

Watch the video below to learn more about the new Internet blocker app that supports all operating systems and devices and is easy to install and setup. Its French developer Michel explains more about his inspiration and design.

With the help of developers all around the world, I have created a simple-to-use internet-blocker application that I decided to name Skeebloo (“Skeebloo”, deriving from the vision of blue skies, think Macfreedom and K9–with a philosophy difference described further below). It is already on sale on truetime-applications.com, but I would like to introduce the product line to android and iOS users.

With your generous support, I would also like to help evolve, in time, Skeebloo’s functionalities. The philosophy here is not only to help those with internet addiction, but over time to help the many more who have machine addiction—tablets, smartphones…

Skeebloo is a no-fuss-no-muss internet-blocker. As opposed to the other internet blockers out on the market today, it is sufficiently cheat-proof to do what is advertised: shut off your LAN access for a determined period of time, which means that once your computer is offline, it remains offline, no matter how much you tinker with the native system (such as rebooting, uninstalling the app itself while the latter is active, etc

Facebook Expands Free Internet Efforts, Unveils Terragraph and Project Aries

Facebook Expands Free Internet Efforts, Unveils Terragraph and Project Aries

After taking to the air with drones to provide Internet to remote spots, Facebook on Wednesday unveiled new land-based systems to provide connectivity to people in urban settings.

“We are really going at this problem from every possible angle,” Facebook co-founder and chief Mark Zuckerberg said of efforts by the social network to make Internet connectivity more widely available around the world.

Facebook used its annual developers conference to reveal Terragraph technology that uses low-cost, off-the-shelf components to create antenna-based networks in dense city settings to improve wireless Internet availability.

The technology “incorporates attributes and industrial design required for fast, attractive and affordable deployment across cityscapes,” Neeraj Choubey and Ali Yazdan Panah of Facebook said in ablog post.

“Its reduced interference and ability to operate in non-line-of-sight conditions increases customer reach.”

Terragraph “nodes” can be mounted outside high-rises or other big buildings and connected to Internet connections inside.

Terragraph is being tested at the Facebook campus in Silicon Valley and will soon start a broader trial in the nearby California city of San Jose.

A Project Aries at Facebook has a goal of building a test platform for efficient use of energy and unused radio spectrum that could provide a way to deliver Internet to communities outside of cities.

“We are interested in developing this technology to harness the incredible gains in providing communications to rural communities from city centres,” Choubey and Panah said.

terragraph_fb_1.jpg“The hope with systems such as these is that costly rural infrastructure can be avoided while still providing high-speed connectivity.”

Facebook stressed that it was not interested in being an Internet service provider, but wanted to show those who do what could be possible.

“Moreover, we would like to make this technology open to the wireless communications research and academic community,” the blog post said.

Satellite to launch
The leading social network in coming months will launch its first satellite to provide Internet service to sub-Saharan Africa, Zuckerberg said at the conference.

Facebook’s mission to connect the world has included building solar-powered Aquila drones capable of transmitting data using lasers.

“If you had told me 12 years ago that we were going to be building a plane, I would have told you that you are crazy,” Zuckerberg said as he showed off a lightweight piece of a drone during a keynote presentation.

“Well, here we are.”

Facebook estimates that more that four billion people don’t have access to the Internet for reasons that include access and cost.

As part of an often-shared long-range vision of letting people anywhere share whatever they want with anyone using the Internet, Zuckerberg on Wednesday announced the creation of a “Building 8” team devoted to building new hardware products for connecting the world.

Facebook hired Regina Dugan away from an Advanced Technology and Projects group at Google to head the new team, according to Zuckerberg.

Before joining Google, Dugan was director of the Defense Advanced Research Projects Agency devoted to innovations for the US military.

“I’m excited to have Regina apply DARPA-style breakthrough development at the intersection of science and products to our mission,” Zuckerberg said.

Facebook will devote hundreds of people and invest hundreds of millions of dollars to the effort as it pursues a 10-year roadmap that includes virtual reality, artificial intelligence, and online connectivity, according to Zuckerberg.

Mobile Internet Services Suspended in Kashmir

Mobile Internet Services Suspended in Kashmir

Mobile Internet services were on Thursday suspended in Kashmir to check spreading of rumours by anti-social elements, officials said.

Although service providers remained tight-lipped about suspension of the mobile Internet services, a senior police official said the step was taken to check spreading of rumours.

Services were unavailable to subscribers in Kupwara, Baramulla, Bandipora and Ganderbal districts on Thursday morning.

Residents of Srinagar and south Kashmir also said they were unable to access mobile Internet services in the morning.

Officials said the suspension was a temporary measure and services would be restored as soon as the situation returns to normal.

Four civilians were killed during clashes between stone pelting mobs and security forces in north Kashmir’s Kupwara district since Tuesday.

The trouble erupted after locals alleged that a soldier had tried to molest a school girl in Handwara town on Tuesday.

Online Shopping Top Reason for Accessing Internet in India

Online Shopping Top Reason for Accessing Internet in India: Survey

Online shopping is the top reason for Indians to access Internet followed by social networking, said a joint survey by American Express and Nielsen on Tuesday aimed at gaining consumer insights on online buying habits.

Titled “Understanding Online Consumers”, the survey undertaken in six cities – Delhi, Mumbai, Bengaluru, Jaipur, Ahmedabad and Hyderabad – discovered banking, booking tickets and emailing quickly followed shopping and connecting with friends to access the Internet.

In the survey, 98 percent respondents voted for online shopping, 96 percent for social networking, and 95 percent for banking, emailing and booking tickets.

According to the survey, the main drivers for online transaction include ease of paying online (51 percent respondents), safety and security (43 percent) and faster processing (39 percent).

Cashback offers (40 percent), discount coupons (38 percent) and cheaper prices (36 percent) are the other major pull factors for virtual shopping, the survey said.

“With a booming e-commerce and e-services market, brands have become price-competitive, 60 percent of respondents cited that they get enticed to shop online during discount days,” it said.

Growing inclination to pay utility bills online is another trend found by the survey.

“Three out of four people pay their utility bills online. Tech-savvy youth (age group 18-30 years) aptly targeted by online recharge and utility bill payment platforms, show higher adoption rates (81 percent) for online utility bill payments,” said the survey.

Delhi and Bengaluru (81 percent) lead in online utility bill payments followed by Jaipur (75 percent) and Ahmedabad (72 percent) and Mumbai (69 percent).

Plastic money also beat hard cash as the preferred mode of payment for shopping. “70 percent Indian consumers prefer online shopping with cards over cash on delivery; quick and safe refunds being the key reason for their preference,” said the survey.

Women are more active in the virtual shopping landscape, leading online transactions above men, with 74 percent of the female respondents use plastic money for online transactions.

“Women are using credit and debit cards to shop on their mobiles (98 percent) and book flights online (56 percent). Women participants (98 percent) also have higher penetration of mobile apps as compared to men (81 percent),” the statement added.

Google to Give Training to 1 Million Africans to Boost Jobs

Google to Give Training to 1 Million Africans to Boost Jobs

Google is scaling up its digital skills training programs to accommodate a million Africans in the next year, aiming to deal with high unemployment numbers on the continent.

The US tech giant plans to train 300,000 people in South Africa, it said in a statement Tuesday, a country where 35 percent of 15-to-34-year-olds are unemployed. A further 400,000 Nigerians and 200,000 Kenyans will receive free digital training, while another 100,000 people will be selected from other sub-Saharan Africa countries.

“Google is in Africa for the long haul and we are making an investment in talent,” Google South Africa country head Luke Mckend said. “We hope that the people trained will become pioneers in the field and do great things in digital for companies and for Google.”

He said more needed to be done to support people in Africa in order to succeed in the digital world. “The Internet offers huge opportunities to start new businesses and grow existing ones, and we’re committed to helping Africans make the most of the digital revolution.”

The company has partnered with Livity Africa to develop training programs and is rolling out a new online education portal for learners in the region. “We’re also talking to a number of other potential partners across Africa with a view to scaling the digital skills training program and helping to reach even more young people in more countries,” Google said in a statement.

African Internet bandwidth increased 41 percent between 2014 and 2015, according to a TeleGeography Global Internet Geography report. Research conducted by Google suggests Africa will have 500 million Internet users by 2020.

Large US tech companies such as Google, a unit of Alphabet Inc., Apple, Amazon and Facebook have been under public scrutiny globally for the relatively low tax payments they make outside the United States. Partly to shore up their credentials as good corporate citizens, the companies have often funded free education programs and touted the number of jobs their businesses have helped create.

Google said in February that it had trained one million Europeans in digital skills and committed to training another million by the end of 2017. The company has also joined the European Commission’s Grand Coalition for Digital Jobs, an effort to educate more Europeans for jobs in the information technology sector, along with companies such as Cisco Systems, Microsoft, Oracle, Samsung, SAP and Telefonica.

Facebook, in 2014, backed the UK’s Web for Everyone campaign, which sought to train Britons in Internet-related skills. Apple, meanwhile, has announced it is opening a training center in Naples, Italy, to encourage Europeans to learn to code. The company has also highlighted the number of jobs it has created in Europe, both directly through its stores and data centers, and through the companies that create apps for its iOS ecosystem.

Amazon said in January that 10,000 new jobs in Europe were the result of its business in 2015 and that it would create “several thousand more” this year.