News – AGW Technologies

VPNFilter: New Router Malware with Destructive Capabilities

AndyWhite — Sat, 26 May 2018 13:33:41 +0000

Unlike most other IoT threats, malware can survive reboot.

A new threat which targets a range of routers and network-attached storage (NAS) devices is capable of knocking out infected devices by rendering them unusable. The malware, known as VPNFilter, is unlike most other IoT threats because it is capable of maintaining a persistent presence on an infected device, even after a reboot. VPNFilter has a range of capabilities including spying on traffic being routed through the device. Its creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications.

According to new research from Cisco Talos, activity surrounding the malware has stepped up in recent weeks and the attackers appear to be particularly interested in targets in Ukraine. While VPNFilter has spread widely, data from Symantec’s honeypots and sensors indicate that unlike other IoT threats such as Mirai, it does not appear to be scanning and indiscriminately attempting to infect every vulnerable device globally.

Q: What devices are known to be affected by VPNFilter?

A: To date, VPNFilter is known to be capable of infecting enterprise and small office/home office routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices. These include:

Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN

Q: How does VPNFilter infect affected devices?

A: Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat.

Q: What does VPNFilter do to an infected device?

A: VPNFilter is a multi-staged piece of malware. Stage 1 is installed first and is used to maintain a persistent presence on the infected device and will contact a command and control (C&C) server to download further modules.

Stage 2 contains the main payload and is capable of file collection, command execution, data exfiltration, and device management. It also has a destructive capability and can effectively “brick” the device if it receives a command from the attackers. It does this by overwriting a section of the device’s firmware and rebooting, rendering it unusable.

There are several known Stage 3 modules, which act as plugins for Stage 2. These include a packet sniffer for spying on traffic that is routed through the device, including theft of website credentials and monitoring of Modbus SCADA protocols. Another Stage 3 module allows Stage 2 to communicate using Tor.

Q: If I own an affected device, what should I do?

A: Users of affected devices are advised to reboot them immediately. If the device is infected with VPNFilter, rebooting will remove Stage 2 and any Stage 3 elements present on the device. This will (temporarily at least) remove the destructive component of VPNFilter. However, if infected, the continuing presence of Stage 1 means that Stages 2 and 3 can be reinstalled by the attackers.

You should then apply the latest available patches to affected devices and ensure that none use default credentials.

Q: If Stage 1 of VPNFilter persists even after a reboot, is there any way of removing it?

A: Yes. Performing a hard reset of the device, which restores factory settings, should wipe it clean and remove Stage 1. With most devices this can be done by pressing and holding a small reset switch when power cycling the device. However, bear in mind that any configuration details or credentials stored on the router should be backed up as these will be wiped by a hard reset.

Q: What do the attackers intend to do with VPNFilter’s destructive capability?

A: This is currently unknown. One possibility is using it for disruptive purposes, by bricking a large number of infected devices. Another possibility is more selective use to cover up evidence of attacks.

Q: Do Symantec/Norton products (Win/Mac/NMS) protect against this threat?

A: Symantec and Norton products detect the threat as Linux.VPNFilter.

Acknowledgement: Symantec wishes to thank Cisco Talos and the Cyber Threat Alliance for sharing information on this threat in advance of publication.

UPDATE: Netgear is advising customers that, in addition to applying the latest firmware updates and changing default passwords, users should ensure that remote management is turned off on their router. Remote management is turned off by default and can only be turned on using the router’s advanced settings. To turn it off, they should go to www.routerlogin.net in their browser and log in using their admin credentials. From there, they should click “Advanced” followed by “Remote Management”. If the check box for “Turn Remote Management On” is selected, clear it and click “Apply” to save changes.

UPDATE May 24, 2018: The FBI has announced that it has taken immediate action to disrupt the VPNFilter, securing a court order, authorizing it to seize a domain that is part of the malware’s C&C infrastructure.

Meanwhile, Linksys is advising customers to change administration passwords periodically and ensure software is regularly updated. If they believe they have been infected, a factory reset of their router is recommended. Full instructions can be found here.

MikroTik has said that it is highly certain that any of its devices infected by VPNFilter had the malware installed through a vulnerability in MikroTik RouterOS software, which was patched by MikroTik in March 2017. Upgrading RouterOS software deletes VPNFilter, any other third-party files and patches the vulnerability.

UPDATE May 25, 2018: QNAP has published a security advisory on VPNFilter. It contains guidance on how to use the company’s malware removal tool to remove any infections.

Credit: Symantec Security Response Team

https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

Control4 Announces the Release of the CA-1 Automation Controller

AndyWhite — Wed, 14 Feb 2018 14:31:23 +0000

Control4 Announces the Release of the CA-1 Automation Controller

Priced at £365 MSRP, the CA-1 enables new opportunities for Control4 dealers to offer smart home experiences to a broader market via home builders, MDU developers, and hotel operators.

Control4 Corporation (NASDAQ: CTRL), a leading global provider of smart home solutions, announces the immediate availability of the Control4® CA-1 Automation Controller. The CA-1 enables Control4 Dealers to provide an orchestrated smart home experience for homeowners interested in lighting, temperature control, and security. At £365 MSRP, the new controller is designed to appeal to homebuilders, MDU developers, and hoteliers, giving them a way to differentiate with the inclusion of the most sought-after smart home experiences.

“The emerging range of smart locks, thermostats, lights, and cameras available today have certainly raised consumer awareness for the promise of the smart connected home,” said Martin Plaehn, Chairman and CEO, Control4. “Homeowners as well as home builders and building developers are looking for more than a just collection of independent smart devices. Our new CA-1 and industry-leading Control4 OS delivers that needed capability and customer experience – orchestrating all of the smart devices in a home.”

“Demand for home automation is growing and home buyers expect smart experiences in the houses we are building,” said Vincent Grabowski, Vice President of Construction from Saddle-Tree Homes in Colorado Springs. “But if we just add individual smart devices here and there, the homeowner experience quickly becomes disjointed or incomplete. Control4 and its new CA-1 provides a far more comprehensive solution and cohesive connected home experience – and at a price-point that fits all of our homes.”

Tailored specifically for smart home projects that desire lighting, comfort, and/or security, the CA-1 Automation Controller includes Ethernet, WiFi, Zigbee and Serial communication, leveraging the large Control4 database of thousands of 3^rd party devices to ensure easy integration and interoperability. Using the optional Z-Wave module, sold separately, enables the CA-1 to be compatible with a selected set of Z-Wave control devices including door, window, water, flood, and temperature sensors and electrical outlets and dimmer outlet modules. The CA-1 also features Power-Over-Ethernet (PoE) so it can be installed virtually anywhere with a single network cable.

“The CA-1 utilizes the industry-proven Control4 platform and broad device ecosystem so our dealers can immediately succeed with the skilled resources and expertise that they already have,” added Plaehn. “This is not a dialed-down version of the Control4 OS nor a compromise; this is a new category of automation controller designed to meet the connected home demands of home builders, building developers, and their buyers.”

Expanding the Control4 controller lineup, the CA-1 complements the entertainment-focused EA Series controller line, used in projects of all sizes and complexity. Using the CA-1, home builders and homeowners can now consider starting with smart lighting, safety, and security via Control4.

The new Control4 CA-1 comes in white for discrete wall, closet, and shelving installations. The CA-1 is available and shipping today, globally, at £365 MSRP with a two-year warranty.

For more information on Control4 visit www.control4.com.

Meltdown and Spectre Intel Processor Vulnerabilities: What You Need to Know

AndyWhite — Wed, 24 Jan 2018 10:27:13 +0000

Microsoft, Linux, Google, and Apple started rolling out patches addressing design flaws in processor chips that security researchers named Meltdown and Spectre. Here’s what you need to know about these flaws:

What are Meltdown and Spectre?

Meltdown, designated as CVE-2017-5754, can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Meltdown affects Intel processors.

Spectre, designated as CVE-2017-5753 and CVE-2017-5715, can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.). Spectre reportedly affects processors from Intel, Advanced Micro Devices (AMD), and Advanced RISC Machine (ARM).

Modern processors are designed to perform “speculative execution.” This means it can “speculate” the functions that are expected to run, and by queuing these speculations in advance, they can process data more efficiently and execute applications/software faster. It’s an industry technique used to optimize processor performance. However, this technique permits access to normally isolated data, possibly allowing an attacker to send an exploit that can access the data.

What’s the impact?

Intel processors built since 1995 are reportedly affected by Meltdown, while Spectre affects devices running on Intel, AMD, and ARM processors. Meltdown is related to the way privileges can be escalated, while Spectre entails access to sensitive data that may be stored on the application’s memory space.

The potential impact is far-reaching: Desktops, laptops, and smartphones running on vulnerable processors can be exposed to unauthorized access and information theft. Cloud-computing, virtual environments, multiuser servers—also used in data centers and enterprise environments—running these processors are also impacted.

It’s also worth noting that the patches that have been released for Windows and Linux OSs can reportedly reduce system performance by five to 30 percent, depending on the workload.

Google’s Project Zero has proof-of-concept (PoCs) exploits that work against certain software. Thankfully, Intel and Google reported they have not yet seen attacks actively exploiting these vulnerabilities so far.

Are they fixed?

Microsoft issued a security bulletin and advisory ahead of their monthly patch cycle to address these vulnerabilities in Windows 10. Updates/fixes for Windows 7 and 8 will be deployed on the January Patch Tuesday on January 9. Microsoft also issued recommendations and best practices for clients and servers.

Google has published mitigations on the infrastructure/products that may be affected (YouTube, Google Ads, Chrome, etc.). They also released a Security Patch Level (SPL) for Android covering updates that can further limit attacks that may exploit Meltdown and Spectre. A separate security update for Android will also be released on January 5. Note that patching on Android is fragmented, so users need to notify their OEMs for their availability. Nexus and Pixel devices can automatically download the update.

Apple’s macOS has been reportedly patched in version 10.13.2, while 64-bit ARM kernels were also updated. VMWare also issued its own advisory. Mozilla, whose team confirmed that browser-based attacks may be possible, addressed the vulnerabilities with Firefox 57.

Customising the Smart Home: How Control4 is putting the power into homeowner’s hands

AndyWhite — Tue, 16 Jan 2018 09:37:58 +0000

In the past few years, we’ve seen a growing divide in the smart home market, centred around the fundamental differences between mass-market smart devices and professionally installed home automation systems. And as one-off smart devices grow smarter and more feature rich, not to mention more popular, that gulf has only gotten deeper.

In short, homeowners have been forced to choose between the autonomy provided by standalone smart devices on the one hand, and the robustness, sophistication, and extensive device support of professional automation systems on the other.

Until now, that is.

When >> Then, a new feature of Control4’s 4Sight subscription services, bridges that gulf and gives homeowners the best of both worlds: the freedom to enhance, edit, and add to the automated events in and around their home, combined with the reliability, extensive device support, and unparalleled customer service that only a professionally installed automation system like Control4 can deliver.

So, what is When >> Then, exactly?

Simply put, it’s a slick and intuitive browser-based interface that asks homeowners a very simple question: “When X happens, how would you like your smart home to respond?” For example, by navigating just a few simple screens, a homeowner can set straightforward commands like “When I press the top button on the keypad in the kitchen >> Then play my favourite Spotify playlist,” or “When the sun rises >> Then turn on the kitchen lights.” Schedules and triggers can also be set to activate multiple automated events, for example; “When it is 6:00 p.m. >> Then turn on living room lights, lock the front door, and tune the television to channel 246.” With over 10,500 supported third-party consumer electronic devices in the Control4 ecosystem, the options for customisation are nearly limitless.

And the personalisation options aren’t merely limited to devices in and around the home; homeowners can also quickly and easily set up triggers that send push notifications to their smart phones as well. Parents might choose to receive a pop-up alert when their kids unlock the front door at the end of the school day, for example, or when the living room TV is turned on.

“When >> Then also means they won’t have to deal with frequent, time-consuming truck rolls or service calls from customers who merely want to tweak personal settings here and there.”

It’s exactly the sort of personalisation that Control4 homeowners and dealers alike have been requesting for quite some time. But getting it right was no easy task. It required a very intuitive, yet flexible interface: one that allowed for rich customisation without the need for the homeowner to have any experience or expertise in programming. Getting it right also meant designing a personalisation environment that allows homeowners to see what sort of programming their dealers have already done for the device or devices in question, but in such a way that they don’t have to worry about undoing, breaking, or interfering with professionally programmed, automated events.

Having his or her work protected from hands-on homeowners isn’t the only benefit for Control4 dealers, of course. When >> Then also means they won’t have to deal with frequent, time-consuming truck rolls or service calls from customers who merely want to tweak personal settings here and there. This leaves dealers with more time to focus on the bigger picture: installing and programming new home automation systems and performing major overhauls and upgrades for existing customers.

In short, Control4’s new “When >> Then” functionality gives homeowners the ability to tweak their homes to fit their lifestyles and needs, secure in the knowledge that they can fall back on the support and expertise that a Control4 dealer-managed system offers. It represents freedom, but also a safety net. It unlocks personal customisation capabilities for one of the most advanced control solutions on the market, in a way that virtually anyone can comprehend. And best of all, it allows homeowners to tinker and experiment, without fear that they’ll do any lasting harm to their advanced home control and entertainment solution.

New Security Vulnerability in Most WiFi Enabled Devices!

AndyWhite — Mon, 16 Oct 2017 13:17:43 +0000

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave “the majority” of connections at risk until they are patched.

The researchers added the attack method was “exceptionally devastating” for Android 6.0 or above and Linux.

A Google spokesperson said: “We’re aware of the issue, and we will be patching any affected devices in the coming weeks.”

The US Computer Emergency Readiness Team (Cert) has issued a warning on the flaw.

“US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol,” it said.

“Most or all correct implementations of the standard will be affected.”

Computer security expert from the University of Surrey Prof Alan Woodward said: “This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.

“The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch.

“It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches.”

Click the link below for more info

(Credit BBC News)

http://www.bbc.co.uk/news/technology-41635516

Get Surround Sound in Your Living Room—Without the Mess of Wires

innuvo_web — Mon, 09 Oct 2017 20:00:30 +0000

There’s nothing like the shake, rattle and rumble of a movie soundtrack to make you feel as though you’re in the middle of the action. That’s true whether the sound in question is a hail of explosive spears whizzing by in “Mad Max: Fury Road” or the lush score that immerses you in the intrigue of “The Grand Budapest Hotel.” Enjoying the same sonic experience in your living room, however, has typically required living with a big, honking A/V receiver and a mess of wires.

It took a while, but the wireless revolution has finally found its way to the home theater: WiSA, a new, ridiculously easy-to-use technology lets you conveniently position speakers all around your living room for optimal sound. The amplifier is gone, and so are the pesky wires you once needed to run to each speaker.

A system like this is a huge step up from a soundbar, the elongated speaker-packed box that tries to fire sound every which way. Always a compromise, even the best soundbars can’t deliver the realism that discrete speakers can. While Sonos, a company known for masterminding whole-home wireless audio products, has for years offered a setup that combines a soundbar and wireless rear-channel speakers, even that falls short of true surround sound.

New WiSA systems from Bang & Olufsen, Klipsch and newcomer Enclave Audio deliver the real deal. All support five to seven speakers (plus a subwoofer) that each has its own built-in amplifier and wireless receiver. Rather than having to snake an audio cable across the floor (or hiring someone to pry up your floor boards to run wires under the floor), you’ll only need one cable for each speaker: a power cord. And because the speakers establish their own Wi-Fi network instead of using yours, they can deliver high-resolution audio data without mucking with your Netflix stream.

At the heart of every WiSA system is a command center. This could be a small stand-alone box (as it is in the Klipsch setup below), or it could be built into the TV (the approach Bang & Olufsen takes) or the center-channel speaker (Enclave Audio’s strategy). To this hub, you connect your Blu-ray player, Apple TV, Sky box or whatever you’re hunkering down with for the night. What’s great is that, when the speakers are powered up, the components just start talking to each other. Menus displayed on a TV allow you to tweak settings, and the remote controls have an on/off button that will put all the speakers into sleep mode, awaiting a wireless wake-up call.

The setups here can handle movie-theater-quality Dolby Digital and DTS surround sound (automatically switching modes, depending on your source material). But you don’t have to be a cinema nerd to justify investing in a system. For example, if you’d rather not dedicate five speakers in your home solely to movie watching, you can divvy the rig up: Keep two of the speakers in your bedroom to listen to music, but on movie nights, bring them out into the living room to serve as the rear-channel speakers that are so crucial to creating the surround-sound effect.

Why not give AGW Technologies a call to understand more about how to free yourself from the wires but still maintain a high quality surround sound experience.

Eight Reasons To Automate Your Home

innuvo_web — Fri, 06 Oct 2017 20:18:51 +0000

You’ve heard about home automation and are wondering what all the fuss is about? If you’re like most people, you don’t do things without a good reason. Just why should you automate your home? Here are 8 good reasons:

1. Make tasks more convenient: Many tasks that are repetitive in nature can be accomplished automatically or with fewer steps using home automation. Instead of turning off or dimming four different lights when you want to watch a movie, home automation allows you to accomplish this task with one button.

2. Save money on utilities: Utilities can amount to hundreds of pounds per month. Home automation can turn off lights or lower the thermostat automatically when you aren’t using them and easily lower your utility bills by 10% to 25%.

3. Increased home safety: Many accidents happen in the home because of poor lighting. Home automation can automatically turn lights on in closets, stairways, and other dark places when you enter and decrease the chance of accidentally tripping or running into things.

4. Home security: Although home security is a priority for everyone, high installation cost or monthly monitoring charges make security systems cost prohibitive for many homeowners. Home automation provides an inexpensive solution to home security.

5. Good for the environment: In a time when we are all becoming more environmentally aware, home automation provides a good solution to help preserve our natural resources.

Home automation products can reduce power consumption and automatically turn off lights and appliances when they aren’t in use.

6. Peace of mind: Never again worry about your home while you’re away. Using home video cameras and an Internet connection, you can check on the status of your home or kids from anywhere in the world using a PC or web-enabled phone.

7. Learning experience for children: Technology is here to stay and the more your children learn about upcoming technology the better prepared they are for the future. Turn your home into a classroom, as your home automation projects become a learning experience for your children.

8. Something the whole family can enjoy: A family that plays together, stays together. Although home automation is all of the above, most of all it’s a lot of fun for the entire family. You will find home automation will bring the family closer together as everyone learns about the technology’s capabilities together.

So why not give AGW Technologies a call to find out how home automation can help to enhance your life and save you money.

How Well is Your Router Protecting Your Devices?

innuvo_web — Wed, 04 Oct 2017 21:20:48 +0000

In a world where more and more things are now connected to our home networks, how well are they protected from the bad guys? The Internet of Things or IoT is a hot topic and is creating a world where anything that has a plug can also be connected to the internet. This affords us a fantastic opportunity to make life easier and more convenient, but it also means we increase our likelihood of being hacked and our devices being used against us. You can’t install virus scan software, firewalls and anti malware software on your Nest thermostat or on your SMART TV, so how do you protect your tech in the IoT world? You might be thinking that my router has a firewall so I’m well protected, but unfortunately the firewall in your standard router is no longer good enough to fully protect you in this new and ever changing world of connected devices. If you are tech savvy you might also think if you have a state full packet inspection firewall (SPI) then that is offering you good protection.

Unfortunately standard routers, even ones with SPI are no longer good enough to fully protect all your connected devices. Fortunately though the security world has started to wake up to the need for better protection for home users and their devices, this has led to the development of next generation secure routers which are specifically designed for IoT world and use firewall technology which has been developed and perfected in the enterprise corporate world over many years. Well known security companies like Norton and Bitdefender have already released a new “secure” routers to the market and more are on the way. AGW Technologies has the knowledge and expertise in network security and the next generation secure home routers, so why not give us a call and find out how we can ensure all your devices have the maximum level of protection from would be hackers.

Want to know more, click on the links below:

http://www.bbc.co.uk/news/technology-38415067

https://uk.norton.com/core

https://www.digitaltrends.com/computing/bitdefender-box-2/